More annual reports from Cohen & Steers:
2023 ReportA n n u al R e p o r t a n d A c c o u n t s 2 0 1 8 A LEADER IN REAL-TIME, HIGH PERFORMANCE, DDOS PROTECTION. Corero Network Security plc Corero Network Security is a leader in real-time, high-performance Distributed Denial of Service (“DDoS”) defence solutions. Service providers, cloud providers and digital enterprises rely on Corero’s award winning SmartWall® Network Threat Defense System and Threat Defense Director (“SmartWall”) technology to eliminate the DDoS threat. THE IMPACT OF DDOS ATTACKS 62%of companies are forecasting an increase in DDoS spending1 45%of companies consider DDoS to be a top cyber security concern2 43%of organisations received a DDoS attack3 $250k (p/h) revenue at risk in the face of a DDoS attack* 4 28%of organisations believe that large scale Terabit DDoS attacks such as the Memcached attacks in March 2018 will become the “norm” 3 WHY IS THERE A NEED FOR BUSINESSES TO ADDRESS DDOS THREATS? High availability of Cloud services and applications are critical for modern businesses and institutions Any DDoS downtime brings risk: Lost revenue or loss of control Operational costs to mitigate or recover from attacks Increased costs to retain unhappy customers and attract new customers Brand and reputation damage leading to competitive disadvantage or loss of confidence Regulatory fines, legal action, resignations What is a DDoS attack A Distributed Denial of Service attack is a cyber threat, in which multiple computer systems attack a target, such as a server, website or other network asset, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets to the target system, forces it to slow down or shut down, thereby denying service to legitimate users or systems. DDoS attacks are a threat to service availability, network security, brand reputation and ultimately lead to lost revenues. Attackers are continuing to leverage DDoS attacks as part of their cyber threat arsenal to either disrupt business operations or provide a smokescreen while they access sensitive corporate information, and they are doing it in increasingly creative ways that circumvent traditional security solutions or reduce the previous effectiveness of DDoS scrubbing centres. DDoS attacks can be found in a multitude of sizes and are launched for any reason imaginable. They can now be used to expose vulnerabilities, to extort payments, and as a smokescreen- like distraction for other nefarious activities. Today’s organised criminals are able to focus on the results that they want and simply buy or rent the malware or botnets they need to get there. 1 2 IHS Markit “Data Center Security Strategies and Vendor Leadership: North America Enterprise Survey” January 2019 CDW “The Cybersecurity Insight Report” 2018 3 4 * Neustar “The Changing Face of Cyber Attacks” July 2018 Neustar “Global DDoS Attacks & Cyber Security Insights Report” October 2017 As estimated by 49% of over 1,000 respondents in a Neustar survey Contents Overview 01 Highlights 02 At a Glance 06 Our Proposition Strategic Report 08 Chief Executive’s Strategic Update 16 Market Overview 20 Business Model 22 Our Strategy 23 Principal Risks and Uncertainties 25 26 Key Performance Indicators Financial Review Corporate Governance Report Governance 28 Board of Directors 30 Chairman’s Introduction 31 39 Committee Reports 40 Directors’ Report 43 Statement of Director’s Responsibilities Financial Statements 44 48 Independent Auditor’s Report Consolidated Statement of Comprehensive Income Consolidated Statement of Financial Position Company Statement of Financial Position Consolidated Statement of Cash Flows Consolidated Statement of Changes in Equity Company Statement of Changes in Equity 49 50 51 52 53 54 Notes to the Financial Statements Notice of AGM 85 Notice of Annual General Meeting Corporate Directory 88 Corporate Directory HIGHLIGHTS INCREASING TRACTION FOR CORERO’S SMARTWALL SOLUTION FROM TARGET MARKETS. Revenue SmartWall revenue growth 23.1%increase over the prior year SmartWall Legacy SmartWall recurring1 revenue growth 43.2% increase over the prior year 18 17 16 15 18 17 16 15 $10.0m (2017: $8.5 million) Reduced EBITDA loss2 $2.1m(2017: restated EBITDA loss $5.0 million3) Net cash $4.4mat 31 December 2018 (2017: $1.4 million) Loss per share 1.4c (2017: restated loss per share 3.0 cents3) OPERATING HIGHLIGHTS Global resale partnership with Juniper Networks (NYSE: JNPR) Increase in average new customer order intake value Perpetual license sales orders $275,000 (2017: $250,000) As-a-service contract value $55,000 per annum (2017: $40,000) Follow-on orders from existing customers $4.4 million (2017: $2.8 million) Continued high levels of customer satisfaction Services renewal rate remained strong at 98.5% (2017: 97.5%) 1 2 comprises maintenance, support services and as-a-service recognised revenue comprises the operating loss less unrealised foreign exchange differences on an intercompany loan, depreciation excluding DDoS protection as-a-service assets depreciation which is charged to cost of sales, amortisation and impairment of goodwill. The Directors consider EBITDA to be a better measure of profitability as it excludes non-cash items 3 restated as a result of a change in accounting policy related to the implementation of IFRS 15 as explained in note 2.5 For more information www.corero.com 01 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate Directory AT A GLANCE CORERO IS DEDICATED TO IMPROVING THE SECURITY AND AVAILABILITY OF THE INTERNET THROUGH THE DEPLOYMENT OF INNOVATIVE DDOS MITIGATION SOLUTIONS. DDOS ATTACKS CONTINUE TO RISE IN SIZE, FREQUENCY AND COMPLEXITY, IMPACTING THE SECURITY AND AVAILABILITY OF THE INTERNET. “ The simple fact is that if you’re online, you’re susceptible to an attack.” Neustar Service providers, cloud providers and Internet connected businesses require real-time protection against the evolving DDoS threat landscape. The Corero SmartWall® family of products can be deployed in various topologies including in-line, scrubbing or in conjunction with third party network and security products such as the Juniper MX Series router. The SmartWall family of products utilises innovative technology to automatically and surgically remove DDoS attack traffic, while allowing good traffic to flow uninterrupted. Corero’s key operational centres are in Marlborough, Massachusetts in the USA and Edinburgh in the UK, with the Company’s registered office in Uxbridge in the UK. The goal of the Corero SmartWall real-time DDoS mitigation solution is to protect service availability, revenues and brand reputations from harmful DDoS attacks. The Corero solutions are among the highest performing in the industry, while providing the most automated DDoS protection at unprecedented scale with the lowest total cost of ownership to the customer. These solutions are designed to provide real-time attack mitigation with continuous threat visibility, enabling the monetisation of DDoS protection as-a-service offering for service providers. The Corero SmartWall protects against DDoS attacks in seconds, rather than the minutes or tens of minutes taken by legacy solutions. 100%increase in attacks over 10Gbps* 8attacks per customer per day* 1 in 5 victims are attacked again within 24 hours of an initial attack* 02 * Source: Corero Full Year 2018 DDoS Trends Report AUTOMATIC REAL-TIME DDOS PROTECTION Internet SmartWall® Good Traffic Allowed Attack Traffic Blocked Protected Network Revenue-protecting real-time DDoS mitigation product for service providers and cloud providers. Available for rapid deployment within the provider’s infrastructure delivering compelling ROI. Revenue and reputation-protecting real-time DDoS mitigation product for digital enterprises. Solves for the scalability* and accuracy demands of both service cloud providers and digital enterprise businesses. Corero’s product can mitigate attacks in less than one second, unlike competing technologies which can take tens of minutes. WHY HOW WHAT We believe in a safe Internet protected from cyber attacks. We strive to eliminate the threat of DDoS attacks. We do this by combining our patents and algorithms with more than a decade of cyber security experience and DDoS threat analytics. Our SmartWall product automatically detects and mitigates DDoS attacks in seconds allowing our customers to stay open for business during an attack. PRODUCT OVERVIEW Corero has a market leading SmartWall product portfolio endorsed by over 100 customers, many of whom are using it to protect hundreds or thousands of their customers. It is recommended by NSS Labs (the world’s leading independent product testing laboratory) and selected by Juniper Networks as their DDoS mitigation solution. In September 2018, Corero signed a global partnership with Juniper to sell Corero’s SmartWall Threat Defense Director (“SmartWall TDD”) software product in conjunction with Juniper’s MX Series router. Juniper and Corero have developed an integrated solution for network-based DDoS defence that leverages powerful capabilities in the latest generation of Juniper’s MX Series router. * up to unrivalled tens of terabits of capacity SmartWall NTD120/280 SmartWall NTD1100 NTD120 Family 10/20 Gbps Highly Scalable NTD280 Family up to 80 Gbps in 1RU n x 10 or 20 Gbps 1RU @ 100 Gbps 1Tbps in only 10RU Smartwall vNTD (Virtual Appliance) Smartwall TDD (Virtual Appliance) n x 100 Gbps N N 7 x vCPU @ 10 Gbps N KVM N N N N vmware n x m Gbps Corero SmartWall TDD Filter Export Sampled mirror of ingress ports Streaming telemetry Filter export for ingress Ingress Traffic Egress Traffic Juniper Networks MX Series n x 10 Tbps O v e r v i e w S t r a t e g i c R e p o r t G o v e r n a n c e F i n a n c i a l S t a t e m e n t s 03 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate Directory AT A GLANCE CONTINUED CORERO IS A LEADER IN REAL-TIME, HIGH-PERFORMANCE, SCALABLE DDOS DEFENCE SOLUTIONS FOR SERVICE PROVIDERS, CLOUD PROVIDERS AND DIGITAL ENTERPRISES. Automatic real-time DDoS Protection Corero protects organisations’ online systems, information, data, revenues and brand reputations against the growing cyber threat of DDoS with dedicated technology for real-time mitigation of attacks, allowing good user traffic to flow uninterrupted. When an organisation selects Corero to protect their assets from the threat of DDoS attacks, they strengthen their Internet facing security defences and ensure service availability. DDoS attacks can be found in a multitude of sizes and are launched for any reason imaginable. They can now be used to expose vulnerabilities, to extort payments, and as a smokescreen-like distraction for other nefarious activities. Today’s organised criminals are able to focus on the results that they want and simply buy or rent the malware or botnets they need to get there. Corero Cloud Provider customer – single large attack 100000 90000 80000 70000 s p b M 60000 50000 40000 30000 20000 10000 1 0 2 . 2 0 2 . 3 0 2 . 4 0 2 . 5 0 2 . 6 0 2 . 7 0 2 . 8 0 2 . 9 0 2 . 0 1 . 2 1 1 . 2 2 1 . 2 3 1 . 2 4 1 . 2 5 1 . 2 6 1 . 2 7 1 . 2 8 1 . 2 9 1 . 2 0 2 2 . 1 2 2 . 2 2 2 . 3 2 2 . 4 2 2 . 5 2 2 . 6 2 2 . 7 2 2 . 8 2 2 . 9 2 2 . 5 December 2018 – Time (EST) Good Traffic Allowed Attack Blocked Corero US regional Service Provider customer – multi-vector-attack (eight vectors in a single attack over a 15-minute period) 9000 8000 7000 6000 s p b M 5000 4000 3000 2000 1000 0 4 2 . 1 4 2 . 2 4 2 . 3 4 2 . 4 4 2 . 5 4 2 . 6 4 2 . 7 4 2 . 8 4 2 . 9 4 2 . 0 5 2 . 1 5 2 . 2 5 2 . 3 5 2 . 4 5 2 . 5 5 2 . 6 5 2 . 7 5 2 . 8 5 2 . 9 5 2 . 0 0 3 . 1 0 3 . 2 0 3 . 3 0 3 . 4 0 3 . 5 0 3 . 6 0 3 . 7 0 3 . 8 0 3 . 9 0 3 . 0 1 . 3 1 1 . 3 2 1 . 3 3 1 . 3 4 1 . 3 5 1 . 3 23 December 2018 – Time (EST) Good Traffic Allowed Attack Blocked – UDP IP Fragment Attack Blocked – DNS Amplification Attack Blocked – UDP Server Flood Attack Blocked – uPNP Reply Attack Blocked – Other Attack Blocked – NTP MONLIST Attack Blocked – CHARGEN Response Attack Blocked – TCP SYN packetz 04 Corero Cloud Provider customer – multiple attacks, of varying sizes, over a single month 40000 35000 30000 s p b M 25000 20000 15000 10000 5000 12/01/2018 12/03/2018 12/05/2018 12/07/2018 12/09/2018 12/11/2018 12/13/2018 12/15/2018 12/17/2018 12/19/2018 12/21/2018 12/23/2018 12/26/2018 12/28/2018 12/30/2018 Good Traffic Allowed Attack Blocked “ The drivers and target customers are an ever- widening and diversifying group as enterprises invest in products for on-premises and hybrid deployments to increase the speed of mitigation and decrease costs. Service providers of all sizes and types are adding (or upgrading) on-premises capacity because of massive attacks, network upgrades, and demand from customers for managed DDoS services.” IHS Markit research, 19 November 2018. 05 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate DirectoryOUR PROPOSITION What we do Corero provides dedicated technology for real-time mitigation of DDoS attacks in seconds, versus the minutes taken by legacy solutions, allowing good user traffic to flow uninterrupted. How we do it With varied deployment topologies (in-line, scrubbing, or directly on edge routers) the SmartWall family of solutions utilise innovative technology to automatically and surgically remove DDoS attack traffic. Corero enables revenue protection, customer retention and competitive differentiation in the face of DDoS attacks, for Internet Service Provider, Cloud Provider and Digital Enterprise customers. Protection is provided in cost effective scaling increments from 1Gbps, 10Gbps and 100Gbps to tens-of-terabits, to support customers bandwidth and inspection requirements. The Corero solutions are among the highest performing in the industry, while providing the most automatic security coverage at unprecedented scale with the lowest total cost of ownership to the customer. Corero enables Service Providers and Cloud Providers to protect their infrastructure from DDoS attacks and to deliver high value DDoS protection services to their customers, allowing for incremental service revenues. Corero has combined advances in Intel x86 multicore CPU technology, Data Plane Development Kit (“DPDK”) software for packet processing acceleration, and high-performance network interface cards (“NICs”), together with its innovative and highly efficient software architecture, to develop a new generation of appliances providing breakthrough price/performance for DDoS defence. SmartWall appliances perform sampled Deep Packet Inspection (“DPI”) to generate security metadata from traffic flows. The internal rules engine examines this metadata to flag offending packet flows in real-time and instantly block attacks. At the same time, the security metadata is streamed to the Corero SecureWatch Analytics platform, where further analysis, involving correlation with other performance metrics and event data, enables rapid identification of new attack vectors. SecureWatch Analytics also formulates new mitigation rules for these vectors that are distributed out to each SmartWall instance. Corero SecureWatch Analytics leverages Splunk’s analytics engine and provides robust reporting to transform sophisticated DDoS event data into easily consumable dashboards accessed via the SecureWatch Analytics web portal. Corero protects Digital Enterprises from DDoS attacks thereby ensuring availability and security of Internet services and applications essential for digital / on-line businesses and, in the process: • Protecting revenues by avoiding downtime and additional post DDoS attack remediation costs • Keeping customers happy and avoiding increased costs for retention of existing customers and acquisition of new customers • Protecting brand and reputation damage • Avoiding the risk of non-compliance, legal liability and fines. 06 Network-Based DDos Defense Across the Expanding Internet Access Edge Backbone Multi-Cloud Edge Broadband Mobile IoT Access 5G Wireless SD-WANs Peering Transit CDN DNS Content Mobile Apps Business SaaS Public Cloud Private Cloud The portal allows customer security operators to monitor and manage incident response, with the ability to conduct sophisticated forensic analysis. Corero’s SmartWall solution is highly automated, detecting and mitigating attacks without the intervention of security analysts or network operators, who may not even know the network is under attack, unless they are monitoring Corero’s dashboard for alerts. The Corero Service Portal enables a provider and their customers to gain visibility into attacks with per-tenant dashboards. Providers can assign tenant service levels and automatically distribute reports which showcase the value of the protection they are receiving. The Corero SecureWatch® service is a tiered offering comprised of configuration optimisation, monitoring and mitigation response services. These services, delivered by the Corero Security Operations Centre, are customised to meet the security policy requirements and business goals of each SmartWall customer. Corero’s DDoS defence solution is more than 99% effective in rapidly detecting and automatically mitigating real-world attacks within seconds. This degree of effectiveness, speed and accuracy would not be possible without incorporating the results from a Big Data analytics engine that can perform analysis of high velocity security metadata. Big Data analytics also provides the foundation for machine learning and AI techniques that can further improve the speed and effectiveness of DDoS defence. These techniques may prove very useful in thwarting future attacks that are more complex than those seen today. Next-Generation DDoS Defence for the Expanding Internet Edge Corero’s SmartWall solutions deliver high- performance DDoS protection for customers that include shared hosting facilities, large enterprises, government agencies, critical infrastructure providers and cloud-native digital enterprises such as online gaming and SaaS providers. Service Providers and Cloud Providers can deploy SmartWall appliances always-on at the edge, or in scrubbing centres for on-demand mitigation; and are also deploying Corero as a key component of managed security service offerings. These customers are benefiting from Corero’s ability to automatically detect and mitigate DDoS attacks in real-time with a platform that leads the industry in price/performance. The SmartWall TDD software is an extension of the solution that was developed by Corero to meet the demand for massive-scale, tens-of-terabits, mitigation by innovatively leveraging the built-in filtering power of Juniper Networks’ latest generation of infrastructure edge routing devices. This Juniper- Corero network-based DDoS defence solution can be deployed by any provider, large and small, but is particularly well-suited for mitigating attacks in large-scale networks supporting a large number of high speed links (10 Gbps – 100 Gbps) and large numbers of routers at the Internet edge. 07 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate DirectoryCHIEF EXECUTIVE’S STRATEGIC UPDATE “ Corero is well positioned to deliver on its goal of being the leading player in the real-time DDoS mitigation market with SmartWall solution validation from over 100 customers and a growing number of GTM partners including Juniper Networks and GTT Communications.” Ashley Stephenson, Corero CEO Results Corero revenue for the year ended 31 December 2018 was $10.0 million (2017: $8.5 million) up 16.6% over the prior year. Recurring revenue increased to $5.1 million (2017: $4.0 million). The EBITDA loss reduced significantly to $2.1 million (2017: restated EBITDA loss $5.0 million). Revenue growth and progress towards EBITDA break-even was impacted by the longer time required to enable new go-to-market partners and secure contracts. However, we expect this to ramp-up in 2019. Operating performance against strategy Corero continued to make good operational progress. Delivery against our 2018 strategic objectives is summarised below: Expand routes to market Grow customer base • Progress made in the year, with new customer acquisition to be accelerated: – Continued demand for the SmartWall solution (over 100 SmartWall customers at year end) – Over $1.5 million order intake for SmartWall 100Gbps product in 2018 (2017: $0.4 million from initial orders following product release in December 2017) – Juniper global resale partnership expected to increase customer numbers in 2019 • 53% growth in sales order intake from Digital Enterprise customers Maintain competitive advantage in real-time DDoS mitigation • Delivered two new major SmartWall software releases to customers • Signed global resale partnership with Juniper Networks in September 2018 • Developed the SmartWall TDD product for the Juniper global resale partnership: – Juniper partnership enabled with SKUs, sales and support training • Corero and Juniper are now actively engaged in a number of prospects and trials with a strong pipeline of Juniper customer resale opportunities developing – Market leading software solution for DDoS mitigation for large Tbps scale networks • Fully integrated 100Gbps DDoS Appliance – SmartWall NTD1100 – Market leading solution for migration to 100Gpbs connectivity 08 Market dynamics Cyber attacks remain one of the top 5 global risks Technology continues to promise significant enhancements to business models in terms of both driving competitiveness and revenue growth through the deployment of digital strategies and technology platforms. However, as reported in the World Economic Forum Global Risks Report for 2019, technology also continues to play a profound role in shaping the global risks landscape, with cyber attacks remaining one of the top 5 global risks in terms of likelihood. Corero Network Security plc Annual Report and Accounts 2018CHIEF EXECUTIVE’S STRATEGIC UPDATE KEY INSIGHT DDOS MARKET TRENDS – CORERO PREDICTIONS FOR 2019 The need for real-time DDoS mitigation will continue to increase While we can be confident the record for the largest DDoS attack will be broken in the future, it’s difficult to predict when this will happen or if it will in 2019. However, we can confidently say that the need for organisations to deploy solutions which provide real-time mitigation of DDoS attacks will increase. These solutions allow organisations to eliminate attacks in real-time, allowing good user traffic to flow uninterrupted, and avoid the risk of costly outages or downtime. Organisations will become more proactive with security and actively cooperate with security vendors As awareness around cybersecurity increases and regulations like GDPR and the NIS Directive are brought into force, organisations will become more proactive with their security. Organisations will start taking a more risk-based approach to security where they assess which threats could pose the most damage to their businesses and working to prioritise security to defend against these incidents. Organisations will also become more dependent on vendor collaboration, where security companies combine their expertise to develop robust, state-of-the- art security protection. The security of Critical National Infrastructure will become a top concern As critical national infrastructure (CNI) organisations become more reliant on the Internet, and the IoT, to conduct operations, the risk of these systems falling victim to attack will increase. However, awareness of security within CNI organisations is increasing and will continue to do so in 2019. Botnets will continue to feature heavily in the growing threat landscape Despite the upcoming introduction of legislation around security for connected devices, IoT devices will still be a key target for attackers building botnets. These IoT devices will still be recruited to build large botnets, similar to that of Mirai in 2016, and used to launch massive DDoS attacks. This is why botnets will still be a key concern for security professionals throughout 2019. We can confidently say that the need for organisations to deploy solutions which provide real-time mitigation of DDoS attacks will increase. S t r a t e g i c R e p o r t N o t i c e o f A G M C o r p o r a t e D i r e c t o r y 09 09 Notice of AGMCorporate DirectoryOverviewGovernanceFinancial Statements CHIEF EXECUTIVE’S STRATEGIC UPDATE CONTINUED “ I am delighted to announce the agreement of a global go-to-market partnership with Juniper Networks for the sale and support of Corero SmartWall software and services in conjunction with Juniper’s MX Series. Many of our common customers have independently deployed Juniper and Corero products to protect their networks against DDoS attacks. This new partnership extends the scalability and automation of DDoS protection to unprecedented price-performance levels, securing these networks in real time against large-scale attacks.” Ashley Stephenson, Corero CEO 25bnIoT-connected devices by 2021 (Internet World Stats) Along with email spam, phishing, malware, DDoS attacks remain a persistent blight on the Internet. Technically sophisticated attackers using automated methods for launching attacks have escalated from an occasional but often severe nuisance into a widespread, ever-present and constantly worsening threat. Corero’s Full Year 2018 DDoS Trends Report shows the average number of attacks per customer was up 16% over 2017. An ever-expanding attack surface The vast complex of public networks spanning the globe is constantly growing and evolving, reaching into every corner of society. New users, endpoints and networks come online every hour of every day, presenting bad actors with a constantly expanding surface with new targets potentially vulnerable to attacks or exploitable for launching them. Financially motivated criminal organisations and nation state actors bent on cyber warfare have combined forces with malicious hackers to pool knowledge and experience to launch increasingly complex, multi-vector attacks that are more difficult to detect and mitigate. The vast majority of DDoS attacks are still either volumetric in nature – consuming a high percentage of network bandwidth – or focused on exhausting protocol-processing resources in the host systems under attack. Both types are highly effective in knocking out Internet applications and services, for minutes to sometimes hours and with negative consequences for service providers, businesses and consumers. A clear and present danger Attacks are often launched utilising large- scale botnets that attackers create by hijacking poorly secured endpoints, including servers, PCs, laptops and, in recent years, consumer IoT devices such as webcams. The majority (according to Verizon, over 75%) still leverage amplification techniques that jack up attack intensity by exploiting vulnerabilities in Internet services and host systems to increase the flood of traffic directed at targets. 10 Internet evolution is shifting the DDoS battlefield in two directions: out toward the rapidly growing IoT edge and up into the hyperscale datacentres supporting the ever-expanding cloud. “ Growth in revenue, retention of existing clients and broadened go-to-market strategy support our 2019 growth ambitions.” IoT Infected IoT devices Botnet Operator $ DDoS ISPs carrying DDoS Traffic $$$ Botnet DDoS Victim $$$$ Corero Network Security plc Annual Report and Accounts 2018KEY INSIGHT RISE OF IOT DRAMATICALLY INCREASES THE ATTACK SURFACE The Internet of Things (IoT) and the proliferation of its relatively cheap internet-enabled devices has opened up a whole new opportunity for cybercriminals over recent years. Despite its advantages, IoT comes with a host of security challenges. The manufacturers of IoT devices have been mainly focused on speed to market, for their next ‘must-have’ product. Security of these devices has not been a priority and, as a result, they are typically equipped with the most basic of, easily bypassed, protection. This makes them prime targets for hacker infiltration and takeover, aside from the personal privacy and security concerns that result from these security gaps. Exploitation of these devices, en masse, for DDoS attacks first came to light in late 2016 with ‘Mirai’, a now infamous botnet consisting of hundreds of thousands of IoT devices. Mirai itself was used to launch the well-publicised attack on Dyn, the Internet DNS provider, which took down the websites and services of many of the largest names on the Internet, for users on the Eastern seaboard of America, for several hours. Since then, publication of the source-code by its author has led to many variants, of increasing sophistication and potency. The real game changer here is the low barrier to entry this now presents for those intent on launching damaging DDoS attacks. The ability to take and modify the existing Mirai code reduces the level of knowledge required by a would-be cybercriminal. And, the simple to use interfaces they add to these botnets to turn them into DDoS-for-hire services means that anyone with a motive can now leverage them to launch damaging attacks, often for as little as a few dollars an hour. The costs are heavily weighted in favour of those launching attacks – with lost business and recovery costs for the victims typically reaching six figures and more. “ Massive attacks fuelled by billions of connected devices are the future, and the entire industry is investing and gearing up solutions to protect against this new generation of attacks. The move to 5G infrastructure will only compound the problems, greatly increasing the bandwidth for connected mobile devices (and the volume of attack traffic they can generate).” IHS Markit Research, 19 November 2018 S t r a t e g i c R e p o r t 11 Notice of AGMCorporate DirectoryNotice of AGMCorporate DirectoryFinancial StatementsGovernanceOverview CHIEF EXECUTIVE’S STRATEGIC UPDATE CONTINUED Rapid IoT adoption is driving a proliferation of intelligent devices that will ultimately exceed the number of user endpoints. Machine-to-machine connections from the edge will power a wide range of IoT applications, healthcare, environmental sensing and “smart” infrastructure – cities, buildings, homes and vehicles. Cybercriminals have already hijacked consumer IoT devices to create large-scale botnets and emerging mission-critical IoT networks will become targets for potentially catastrophic DDoS attacks. Cloud-based services supporting mobile apps, streaming video, e-commerce, SaaS and enterprise IT are growing at an astounding rate, deployed in massive hyperscale data centres consisting of thousands of servers, which are both targets for attack and potential launch platforms. Content delivery networks (CDNs), that are instrumental in scaling cloud service delivery, are also targets for crippling attacks that can disrupt services for millions of users. Bandwidth at the Internet edge continues to scale up. Gigabit consumer broadband is here, now. Multi-gigabit wireless over 5G networks is just over the horizon. More bandwidth at the edge is driving more capacity in the backbone. Service provider Internet connections are moving from 10Gbps to 100Gbps. A faster edge enables higher intensity attacks, and fewer endpoints are needed to launch crippling volumetric attacks. The never-ending battle DDoS defence is still a never-ending battle. Attackers discover and exploit vulnerable hosts or services to launch attacks. Defenders monitor network activity to compile a catalogue of attack profiles that are then used to generate rules to detect and identify attacks to take the necessary mitigation actions. Massive-scale, high-intensity DDoS attacks measured in hundreds of gigabits, and now even into the terabits, make headlines, but the every day battle is fought in an endless series of smaller-scale skirmishes. High- intensity attacks may rise for a period of time but then attackers are forced to regroup as network defences are mounted and operators reconfigure or protect vulnerable hosts. Yet the DDoS attack-and- defend cycle continues, with no end in sight, because there is no foolproof method to eradicate attacks. The Internet is too vast, complex, decentralised and constantly evolving. Defenders need to be ever-vigilant – individually and collectively – to deal with attacks when, not if, they occur. Opportunities for Corero Adoption of faster 100Gbps links As transit providers start pushing tenants towards using fractional committed data rates on 100Gbps connections, for cost and efficiency, versus two or more individual 10Gbps connections, we expect increased adoption of 100Gbps links. The challenge with faster 100Gbps links is that tenants can then be hit by up to 100Gbps of attack traffic, even if they are only subscribing to 20Gbps of regular capacity. We anticipate demand for Corero’s SmartWall 100Gbps technology to accelerate as a result of this and increasing end-user service-level expectations resulting in the requirement for Service Providers, Cloud Providers and Enterprises to deploy DDoS mitigation technology upgrades. Corero’s 100Gbps line-rate appliance ensures each 100Gbps connection can be automatically protected from DDoS, without impacting legitimate traffic. 5G will increase DDoS attack risk Telecoms providers are in a race to rollout 5G services that will empower smart devices and the IoT. The new telecommunications infrastructure required to enable it will bring a huge leap in the available bandwidth. This will enable end-users (both machine and human) to experience much faster access and downloads, and share more data across more devices. Along with the benefits and opportunities come new cybersecurity risks. For example, as more powerful smart devices come online, the networks hosting these devices will have an increased attack surface, which makes them bigger targets for malware, security breaches and, of course, DDoS attacks. It also increases the opportunity for those devices to be harnessed for the purposes of launching damaging DDoS attacks against other targets. 12 Corero Network Security plc Annual Report and Accounts 2018KEY INSIGHT EMERGING EVIDENCE OF INDISCRIMINATE DDOS ATTACKS During 2018 Corero observed evidence of attacks that disrupt larger numbers of victims but exhibit no obvious or specific targeting. Questions being asked are: • Are the attacks trying to disrupt the Internet in general? • Are they broad anti-establishment or anti-nation attacks? • Are the attacks spread out over wide ranges to avoid legacy detection techniques? • Are the attacks a side effect of increased use of more aggressive scanning tools? • Are the observed traffic levels side effects of targeted campaigns causing indirect damage as they are leveraged to attack third parties? The current assumption is that it’s most likely a mix of several of the above scenarios. In November 2018, during a 24 hour period, tens of thousands of IP addresses spanning a wide range of unrelated sites, were observed to be the target of excessive traffic rates from the Internet. The suspicious traffic appeared to be part of the same event. The traffic levels were sufficiently elevated to cause an unprotected site to suffer a service impact or an outage. It was not possible to account for the number of victims impacted by this incident but it is considered likely that the vast majority of target sites were not explicitly selected. The Internet-connected world has grown more complex due to faster connections, the widespread adoption of Internet of Things (IoT) devices, and cloud services. Simultaneously, DDoS threats have become more sophisticated and frequent. Whilst unlawful in many countries, DDoS-for-hire services are commonplace and inexpensive. S t r a t e g i c R e p o r t N o t i c e o f A G M C o r p o r a t e D i r e c t o r y 13 13 Notice of AGMCorporate DirectoryOverviewGovernanceFinancial Statements CHIEF EXECUTIVE’S STRATEGIC UPDATE CONTINUED Outlook Corero enters 2019 following a year of solid growth in revenue and order intake and with a significant resale partnership agreement in place with Juniper Networks. We are confident about Corero’s prospects in the short to medium term, with the DDoS mitigation market fundamentals remaining strong and market analysts forecasting double-digit growth, and continue to believe the business is well placed for further growth. Ashley Stephenson Chief Executive Officer 10 April 2019 I n t s s e i n e o f a e c r c t e u e m u lti- v h s k a t t a c r o 2 9.3 % 8.5 7 1 0 2 % P % 11.0 8 1 0 2 r e r g e o f s w it h m o n t a c t o e k e v n o n e e r c a t t a t h c a 5G will power more virtual reality, artificial intelligence, remote surgery, and automated machinery, all of which will rely on highly available and low latency connectivity. Downtime or service disruption for networks that support these critical applications will become increasingly disastrous (or, at the very least, much less tolerated). Any organisation which relies on the Internet for its business, needs to be prepared for the increased cyber risks that 5G brings. In particular, Internet Service Providers now face a significant challenge, securing their increasingly complex and exponentially faster networks in an era where DDoS attacks have grown in frequency and sophistication. It will be critical that they prevent DDoS traffic from disrupting their own network-based service offerings, as well as those of their customers. Super-scale DDoS protection Carriers and other Tier-1 Service Providers have traditionally adopted a bifurcated approach to DDoS protection, for reasons of cost and the practicalities of deploying the available protection solutions. This two-tier service results in only the smaller DDoS attacks being filtered out, with larger attacks being addressed by blocking all traffic headed for the target, taking them offline for the duration. This may have been more accepted in the past but, as organisations increasingly rely on their Internet presence being available 24/7, this presents an increasing challenge for service providers. Recent advances in the inherent traffic filtering capabilities of network routers, from vendors such as Juniper Networks, is enabling a new generation of protection. Security solutions can now leverage next generation router filtering to deliver super-scale protection directly at the perimeter of a network. We believe that Corero is the first DDoS vendor to effectively leverage real-time infrastructure-based traffic-filtering, which is enabling protection to be extended to an unprecedented tens-of-terabits scale. Combined with Corero’s highly automated approach, providers can deliver this super-scale protection at a price-point that was not previously possible. 14 Corero Network Security plc Annual Report and Accounts 2018KEY INSIGHT INCREASE IN THE USE OF MULTI-VECTOR ATTACKS Multi-Vector vs. Single-Vector Attacks There was an increase of 29% in the use of multi-vector attacks in 2018 compared to 2017. Multi-vector attacks present several additional challenges for both detection and mitigation for the following reasons. • For complete mitigation it is necessary to recognise each and every vector and respond with the appropriate mitigation without impacting legitimate traffic. • Multi-vector attack rates are usually additive in terms of bandwidth and packet rate. The total attack rate will be the sum of vector1 + vector2 + vector3 etc. • Multi-vector attacks often exhibit more variability in rate, as different vectors join and leave the attack. This presents challenges for many traditional detect-and-redirect DDoS solutions that typically provide partial mitigation capacity. Making a decision on the mitigation method (e.g. redirection vs. blackhole) based on the current attack rate is flawed as this can vary on a minute by minute basis. Multi-vector attack example • The most common contributors to multi-vector attacks continue to be volumetric UDP amplification vectors including DNS, NTP, Chargen, SSDP and CLDAP. • Attackers frequently mix resource exhausting TCP SYN floods from spoofed sources to make tracking more challenging. • These vectors, and other variants, are added or subtracted multiple times during a typical 10 minute attack period. The aggregate amplitude may vary up to 10X during the attack as vectors surge and fade. Internet resilience can come down to a fraction of a second. When the Internet goes down, businesses that rely on that service go down with it, and DDoS attacks are considered one of the most serious threats to Internet availability today. Downtime or latency can significantly impact brand reputation, customer trust and revenue. Within Europe, the introduction of the GDPR and NIS legislation has significantly increased the risk of punitive fines for cyber-resilience failures. S t r a t e g i c R e p o r t 15 Notice of AGMCorporate DirectoryNotice of AGMCorporate DirectoryOverviewFinancial StatementsGovernance MARKET OVERVIEW DDOS ATTACKS ARE ACCELERATING IN PURPOSE, SOPHISTICATION, COMPLEXITY, SCALE AND FREQUENCY. A wide range of critical cybersecurity issues face every Internet connected organisation. These threats include denial of service, hacking, breach, phishing, fraud, data theft and exfiltration. These threat vectors present themselves via the essential Internet connections that are required to support the online business. Today, the vast majority of leading Internet service providers sell raw Internet transit capacity. This raw capacity, usually sold via 1Gbps, 10Gbps and increasingly 100Gbps transport connections, carries good customer traffic and malicious bad traffic without discrimination. If an enterprise, data centre, or hosting facility connects to these raw transit providers they will be exposed to Internet-borne cyber threats and their information security posture should be prepared to detect and protect against any associated malicious intent. Corero focuses on one specific category of these cyber threats encompassing denial of service and has developed a real-time DDoS detection and mitigation solution that delivers automatic detection and protection against DDoS attacks. Businesses and public-sector organisations are vulnerable to DDoS attacks and recent years have seen some of the world’s best-known companies fall victim with, in some cases, catastrophic impact for their customers. The broad range of motives for executing DDoS attacks, coupled with the relative ease with which they can be performed, means that they are carried out by a huge variety of actors, including; criminal gangs, activists, terrorist groups and nation state “bad actors”. Aside from those who are focused purely on disrupting services, many of those who carry out DDoS attacks do so for extortion, as a way to expose other vulnerabilities, or as a smokescreen to steal data, or plant malware. atta 100% In cre cks o ase in D er 10 v D o G b S ps 81%attacks lasted less than 10 minutes Low volume, short duration attacks 16 Corero Network Security plc Annual Report and Accounts 2018Our customers Corero’s customers are delighted with our ability to protect their brand and revenues in the face of DDoS attacks. Because of this we have an extremely high renewal rate. Renewal Rate 98.5% x o f N u m b e r t a c k s o v e r 1 0 G b p s a t 2 16% increase in attacks (2018 v 2017) While the frequency of attacks is concerning, their size and duration are also important to highlight. • 98% of mitigated DDoS attacks were less than 10Gbps in volume in 2018 (2017: 99%). • The nature of the DDoS threat landscape is the reason attack size and duration remains the primary factor in organisations choosing a DDoS Protection solution. • The continuing trend is that attacks are getting shorter. In 2018, 81% of attacks lasted less than 10 minutes; up from 71% in 2017. • The long-term trend of a reduction in the percentage of attacks over 20 minutes continues with further decline in average duration. In 2018, only 12% of attacks lasted longer than 20 minutes; down from 19% in 2017. In summary, attacks below 10Gbps and short duration attacks continue to dominate with these attacks trending larger and shorter to evade traditional protection methods. Only fast acting, automatic, solutions are able to defend against such attacks. 8attacks per customer per day Average attack per customer (Source: Corero Full Year 2018 DDoS Trends Report) Average Duration of DDoS Attacks Minutes 0 – 5 6 – 10 11 – 20 21 – 30 31 – 60 > 60 2015 63% 17% 7% 8% 3% 2% 2016 54% 18% 8% 11% 4% 5% 2017 58% 13% 10% 7% 6% 6% Average Size of DDoS Attacks Size <1G 1G – 5G 5G – 10G >10G 2015 87% 9% 3% 1% 2016 77% 18% 4% 1% 2017 82% 14% 3% 1% 2018 65% 16% 8% 4% 4% 4% 2018 82% 13% 3% 2% (Source: Corero Full Year 2018 DDoS Trends Report) 17 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements MARKET OVERVIEW CONTINUED Within a 90-day window, the trend is that victims have a 1 in 5 chance (22%) of being attacked again within 24 hours and, during the remainder of that period, the probability of follow-up attacks rises to 1 in 3 (36%). 1 in 5 chance (22%) of being attacked again within 24 hours Risk of Repeat Attacks (Source: Corero Full Year 2018 DDoS Trends Report) Probability of Repeat DDoS Attacks by Elapsed Time Days 2017 Q1 2017 Q2 2017 Q3 2017 Q4 2018 Q1 2018 Q2 2018 Q3 2018 Q4 <1 25% 23% 23% 22% 20% 21% 22% 23% 2 – 7 8 – 30 31 – 90 9% 4% 2% 8% 8% 4% 9% 7% 3% 8% 7% 3% 7% 6% 3% 7% 6% 3% 7% 5% 2% 6% 5% 2% When combined with the data indicating that the majority of attacks also last less than 10 minutes, the repeat attack findings call into question the efficacy of traditional detect, redirect and mitigate solutions, that typically need up to ten minutes, or more, to initiate mitigation. “ Interface upgrades on security appliances will continue in a big way in 2019; 63% of respondents say upgrading security appliances to gain access to high-speed network interfaces is a purchase driver.” IHS Markit Research, “Data Center Security Strategies and Vendor Leadership – North American Enterprise Survey” 29 January 2019 18 Corero Network Security plc Annual Report and Accounts 2018“ Growth continues as nonstop attacks plague a variety of industries and large enterprises and as service providers of all types look to protect their networks from ever-larger and more sophisticated attacks fueled by a new generation of IoT devices and the botnets they enable. The new normal for attack sizes is ever increasing, and mitigation capacity needs to scale with those attacks.” IHS Markit Research, 19 November 2018 DDoS market drivers • Terabit DDoS attacks: 28% of organisations believe that large-scale Terabit DDoS attacks, such as the Memcached attacks in March 2018, will become the “norm” 1 • Explosive Internet traffic growth*: Growth has driven major carriers to upgrade their backbone infrastructure to increase capacity, driving a need for increased capacity DDoS prevention solutions 2 * global IP traffic will grow from 1.2ZB in 2016 and reach 3.3ZB by 2021 • Mobile network upgrades: 5G-enabled devices will dramatically increase how much attack traffic a mobile network bot can generate 2 • Data centre upgrades and roll-out of Cloud infrastructure: Large enterprises and hosting/cloud providers need DDoS solutions with improved performance, faster physical interfaces, and advanced detection and mitigation technologies 2 1 Neustar “The Changing Face of Cyber Attacks” July 2018 2 IHS Markit, DDoS prevention Appliances Market Tracker, 19 November 2018 Corero is targeting a high growth security market; the market for DDoS prevention appliances is forecast by IHS Markit Technology research, a leading analyst, to reach $1.45 billion by 2022 with a CAGR of 11.0% in that period. Market opportunity 19 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial StatementsBUSINESS MODEL THE CORERO BUSINESS MODEL COMPRISES THE DEVELOPMENT, MARKETING AND SALE OF NETWORK SECURITY PRODUCTS AND SERVICES TO PROVIDE CUSTOMERS WITH COMPREHENSIVE PROTECTION FROM DDOS ATTACKS. Price Cost effective entry point, with price/performance leadership, at any scale We apply our sources of competitive advantage… Automatic mitigation Goal 99% no customer intervention required Scalability Modular and distributed, pay as you grow, for even the largest Internet service provider and carrier networks Real-time Immediate protection – seconds rather than minutes Accuracy Lowest false positive rates, eliminate downtime and collateral damage “ One of the main drivers for DDoS prevention investment is the “increasing volume of highly visible attacks, including a mix of politically motivated attacks, state-sponsored electronic warfare, social activism, organised crime, and good old fashioned pointless mischief and mayhem, driven by the easy availability of bots/botnets for hire and easily distributed crowd-sourced attack tools.” IHS Markit Research, 19 January 2019 Sales orders intake for the year ended 31 December 2018 51% 49% Service Providers and Cloud Providers Digital Enterprises 20 Corero Network Security plc Annual Report and Accounts 2018BUSINESS MODEL Channel partners (distributors and resellers) Cloud Providers Direct sales To our chosen target markets… To create value Service Providers Digital Enterprises Go-to-market partners Routes to market Corero has, in 2018, focused on developing and expanding its routes to market which include: • Direct sales: Corero sales team selling directly in its chosen markets of North America, Europe, and Australia (in certain markets channel partners are used for order fulfilment); • Indirect sales: Value added resellers and distributors selling the SmartWall solution to their customer base; and • Partner sales: The principal partners SecureWatch managed services include: • Software updates delivered to the Corero appliances and software instances in customer networks, to provide proactive on-going protection from the latest DDoS threats; and • 24x7x365 monitoring and support services including DDoS attack mitigation tuning delivered by the highly experienced Corero Security Operations Centre team. include Juniper and GTT Communications who resell the Corero SmartWall solution or a DDoS protection service to their customers thereby leveraging these partner’s customer and geographic market reach. Further go-to-market partner relationships will be developed to amplify Corero’s market reach. Corero sells the SmartWall technology to customers in the form of either (a) an appliance sale and perpetual software license, plus annual SecureWatch services, (b) as a software subscription for its virtual appliance software, or (c) as-a-service which enables the customer to utilise the technology on a subscription or revenue share basis (without owning the appliance and software). 21 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial StatementsOUR STRATEGY EXECUTING ON THREE-PRONGED GO-TO-MARKET FOCUS. THE CORERO STRATEGY IS TO DEVELOP SOFTWARE AND PROVIDE SERVICES TO PROTECT AGAINST A CONTINUOUSLY EVOLVING DDOS ATTACK LANDSCAPE THAT THREATENS ANY INTERNET CONNECTED BUSINESS, OR THE PROVIDERS THAT SERVE THEM. Scaling the business towards profitability • Three-pronged go-to-market focus: Investment in sales and marketing to drive growth • Sales investment to support growth plans – Direct sales: Corero sales team focused on the SmartWall target market to leverage success to date – Indirect sales: channel partner proposition – Partner sales: close engagement with go-to-market partners such as Juniper and GTT Communications and development of additional partner relationships • Channel leverage: utilise Juniper channel partners given close alignment between Corero and Juniper’s customer focus (service providers, cloud providers and digital enterprises) • Marketing spend focused on new customer sales lead generation Maintaining competitive advantage • Incremental product enhancements with stable R&D investment – New DDoS attack defences – New machine learning and artificial intelligence capabilities Continuing to focus on customer delight • Superior customer service and support • Target world class support and services renewal rates of >90% “ Providers are facing the challenge of securing increasingly complex and exponentially faster networks. By leveraging Corero’s SmartWall DDoS detection and mitigation technology to automatically control Juniper’s SDN-enabled MX Series, we are able to offer an integrated solution that protects the Provider Edge against the increasing risk posed by DDoS attacks. Juniper’s expanded relationship with Corero provides our customers with additional security options to make the self-driving network a reality.” Wayne Cheung, Product Marketing Director, Juniper Networks “ Juniper Networks provides the routing infrastructure for some of the world’s largest and most critical IP networks, including key subscriber, mobile, enterprise, government, and academic networks. “This partnership raises the bar for automated, scalable and secure IP networks by integrating Juniper’s proven routing technology and Corero’s high-performance DDoS protection, and delivering the combined solution to large, strategic customers through Juniper’s global sales force and channel.” Jeff Wilson, Senior Research Director Cybersecurity Technology, IHS Markit 22 Corero Network Security plc Annual Report and Accounts 2018PRINCIPAL RISKS AND UNCERTAINTIES CORERO IS DEPENDENT ON REVENUE GROWTH TO DELIVER ON ITS STRATEGY. LOWER SALES GROWTH WILL REDUCE THE COMPANY’S CASH RESOURCES WHICH COULD IMPACT THE INVESTMENT IN PRODUCT DEVELOPMENT. Market awareness Technology change and innovation People Sales growth The Company manages these risks by monitoring the key performance indicators which are set out on pages 26 and 27. Corero is an emerging player in the DDoS prevention market and competes with much larger organisations. If Corero is not successful in connecting with the market and raising its profile this will compromise growth plans. To raise market awareness of Corero and its DDoS mitigation solutions, the Group will invest in targeted digital marketing and lead generation programs. The DDoS mitigation market is competitive and characterised by constant changes in technology, customer requirements and frequent new product introductions and improvements. Cybersecurity and DDoS attacks are constantly evolving and changing as attackers develop new methods and tools to evade defences. Corero is focused on its chosen markets and delivering continuous innovation by adding new DDoS attack defences and new machine learning and artificial intelligence capabilities. Retaining and recruiting people with the necessary skills and experience. To grow and address the challenges resulting from technology change and innovation in the DDoS mitigation market, the Company needs to retain and recruit the required sales, business development, and technical product development skills. Corero operates in a high growth market with new players emerging. If Corero is unable to recruit and retain the right skills this will compromise growth plans. Corero targets paying in the upper quartile for comparable positions and has a share options plan to provide an incentive for employees. Corero’s business success depends on growing SmartWall product and SecureWatch and DDPaaS service sales to new customers in its target market of service providers, cloud providers and digital enterprises. If Corero is not successful in identifying customer prospects with a business need Corero can solve, or developing go-to-market partner and channel partner relationships which generate revenue, this will compromise growth plans and success. To be successful Corero will: • Focus its lead generation and sales resources, and product development, on its target markets • Work closely with go-to-market partners and in particular with Juniper to progress sales opportunities and generate revenue • Develop relationships with go-to-market partners, channel partners and system integrators to expand its routes to market. 23 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial StatementsPRINCIPAL RISKS AND UNCERTAINTIES CONTINUED Brexit The impact of Brexit, whilst giving rise to uncertainty, is not expected to have a significant impact on Corero. • EU customer impact. In the year ended 31 December 2018, 7.5% (2017: 4.4%) of Corero’s order intake was generated from customers in the EU (excluding the UK), and 25.4% from customers in the UK (2017: 21.9%). Any potential short-term Brexit related impact on the movement of goods from the UK is not expected to materially impact Corero as hardware products can be shipped to EU based customers from Corero’s US subsidiary. • The risk of a downturn in the UK and EU economies. Brexit may impact economic conditions in the UK and EU which may have an impact of customer’s IT budgets. It is too early to forecast whether such an impact would materially impact Corero’s business. • Sustained reduction in the value of GBP sterling. Corero equity fund raises are in GBP and its debt is denominated in GBP. To the extent such funds are required to support US dollar denominated funding requirements, the lower value of GBP reduces the value of US dollar denominated funding requirements that can be funded from such fund raises. The Group mitigates this risk by utilising US denominated funds received by the Group’s UK subsidiary to fund the Group’s US subsidiary to the extent such funding is required, with the GBP funding requirements satisfied from the GBP denominated funds generated from GBP equity and debt fund raises. • EU citizen employees UK working rights. Corero’s UK workforce includes EU citizens. The UK government has as part of the Brexit negotiations made a commitment to allow EU workers employed at the date of Brexit to apply for “settled status in the UK”. However, the uncertainty regarding Brexit is having a negative impact on such EU citizens. Corero believes such uncertainty can be managed and the sufficient talent will be available post Brexit albeit that salary costs may increase. “ We welcome the investment from a global corporation of Juniper Network’s reputation and scale, in addition to our previously announced global resale partnership. We feel this represents a further endorsement of our vision for SmartWall products as a critical component in securing IT networks from DDoS attacks. We look forward to working closely with Juniper to capitalise on our partnership and jointly pursuing the market opportunity for DDoS protection via its global sales force and channel.” Ashley Stephenson, Corero CEO 24 Loss per share 1.4c (2017: restated loss per share 3.0 cents2) Corero Network Security plc Annual Report and Accounts 2018FINANCIAL REVIEW CORERO ENDED THE YEAR STRONGLY, WITH A RECORD FINAL QUARTER ORDER INTAKE The 2018 operating loss of $5.0 million (2017: restated loss $8.5 million2) includes amortisation of capitalised development expenditure of $2.9 million (2017: $2.4 million). $1.7 million was spent on the continuing development of the SmartWall product portfolio (2017: $2.2 million). The loss for the year after taxation amounted to $5.2 million (2017: restated loss $8.4 million2) and includes: • Unrealised exchange gain of $0.4 million (2017: loss $0.6 million) arising on an intercompany loan; • Finance costs of $0.3 million (2017: $0.004 million). The loss for the year reflects the continuing investment in Corero’s technology and sales and marketing activities. Corero is focused on delivering accelerated sales growth through expanded routes to market, which, with gross margins exceeding 75%, is expected to result in improved profitability and targeted EBITDA breakeven by the end of 2019. • Loss per share 1.4 cents (2017: restated loss per share 3.0 cents2) • Group’s net assets at 31 December 2018 $19.0 million (2017: restated $17.6 million2) Andrew Miller Chief Financial Officer 10 April 2019 “ The Corero management team is focused on delivering on its objective of being EBITDA profitable and cash generating by the end of 2019.” Revenue growth and progress towards EBITDA break-even was impacted by the longer time required to ramp up new go-to-market partners and secure contracts. Despite this, the EBITDA loss1 decreased by 57.9% over the prior year as a result of a 16.6% increase in revenue and 13.3% reduction in adjusted operating expenses3 in the year with a focus on cost management. 1 2 3 comprises the operating loss less unrealised foreign exchange differences on an intercompany loan, depreciation excluding DDoS protection as-a-service assets depreciation which is charged to cost of sales, amortisation and impairment of goodwill. The Directors consider EBITDA to be a better measure of profitability as it excludes non-cash items restated as a result of a change in accounting policy related to the implementation of IFRS 15 as explained in see note 2.5 operating expenses less unrealised foreign exchange differences on an intercompany loan, depreciation excluding DDoS protection as-a-service assets depreciation which is charged to cost of sales, amortisation and impairment of goodwill up 16.6 Revenue$10.0m (2017: $8.5 million) % over the prior year EBITDA1 loss $2.1m(2017: restated EBITDA loss $5.0 million2) Group’s net assets at 31 December 2018 $19.0m (2017: $17.6 million2) O v e r v i e w S t r a t e g i c R e p o r t G o v e r n a n c e F i n a n c i a l S t a t e m e n t s 25 25 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements KEY PERFORMANCE INDICATORS 2 0 1 8 2 0 1 7 2 0 1 6 2 0 1 8 2 0 1 7 2 0 1 6 2 0 1 8 2 0 1 7 2 0 1 6 SmartWall Revenue $9.8m +23.1% Definition Represents statutory revenue for the SmartWall product, which is generated from the sales of SmartWall products and services and DDPaaS services. This revenue excludes the legacy product revenue of $0.2 million (2017: $0.6 million). Performance SmartWall revenue increased by 23.1% in 2018. Sales order intake $11.1M +18.9% Definition Represents purchase orders from customers including multi-year services and support orders. Performance Order intake for the year ended 31 December 2018 was $11.1 million, with $6.2 million (56.4%) representing recurring revenue in the form of support, services, and as-a-service contracts (2017: order intake was $9.3 million including recurring revenue order intake of $4.9 million). The average perpetual license order value in 2018 was $275,000 (2017: $250,000), and the average as-a-service contract value (excluding revenue share contracts) was $55,000 per annum (2017: $40,000 per annum). SmartWall Recurring Revenue $4.9m +43.2% Definition Represents maintenance, support services and as-a-service revenue for the SmartWall product recognised as part of the statutory revenue for the year. This recurring revenue excludes the legacy product revenue of $0.2 million (2017: $0.6 million). Performance SmartWall recurring revenue grew by 43.2% in the year ended 31 December 2018 to $4.9 million (2017: $3.4 million). Total recurring revenue for the year ended 31 December 2018 was $5.1 million including $0.2 million relating to legacy products (2017: $4.0 million including $0.6 million relating to legacy products), representing 51.1% of total revenue (2017: 47.1%). Revenue from DDPaaS contracts increased over 150% to $0.8 million (2017: $0.3 million). 26 Corero Network Security plc Annual Report and Accounts 20182 0 1 8 2 0 1 6 2 0 1 7 2 0 1 6 2 0 1 7 2 0 1 8 2 0 1 6 2 0 1 7 2 0 1 8 2 0 1 6 2 0 1 8 2 0 1 7 Gross margin % EBITDA Net cash 78.0% Definition Represents statutory gross profit divided by statutory revenue. It measures the Group’s underlying profitability before overheads. Performance Corero’s gross margin in 2018 increased to 78.0% (2017: 75.1%) as a result of the increase in services and DDPaaS revenue. -$2.1m +57.9% Definition Represents the operating loss less unrealised foreign exchange differences on an intercompany loan, depreciation excluding DDoS protection as-a- service assets depreciation which is charged to cost of sales, amortisation and impairment of goodwill. The Directors consider EBITDA to be a better measure of profitability as it excludes non-cash items. Performance The EBITDA loss reduced by 57.9% in 2018 to $2.1 million as a result of a 16.6% increase in revenue and a 13.3% reduction in adjusted operating expenses in the year. $4.4m +214% Definition Represents cash at bank less total debt. Performance The cash at bank balance at 31 December 2018 was $8.0 million (2017: $1.4 million). The debt balance at 31 December 2018 was $3.6 million (2017: $0). The net cash used in operating activities in the year ended 31 December 2018 was $1.8 million (2017: $6.0 million). In the year ended 31 December 2018, the Company raised $5.3 million (after costs) from an equity fund raise in April 2018 and $2.0 million from an equity investment from Juniper Networks in October 2018, and concluded and drew down on a $4.1 million term bank loan in May 2018. Security service and support contract renewals 98.5% Definition Renewal rate of annuity SecureWatch® service contracts (typically one-year contracts) by value. Performance Corero continues to generate market leading renewal rates of 98.5% in 2018, a strong endorsement of Corero’s customer satisfaction. The renewal rate for the year ended 31 December 2016 reflects that 2016 was the first contract renewal cycle following the SmartWall product launch in the second half of 2014. The number of SmartWall customers has increased from less than 30 at 31 December 2015 to over 100 at 31 December 2018. The Strategic Report on pages 8 to 27 is signed by order of the Board. Duncan Swallow Company Secretary 10 April 2019 27 27 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements Corero Network Security plc Annual Report and Accounts 2018 BOARD OF DIRECTORS Jens Montanana (58) Non-Executive Chairman COMMITTEE MEMBERSHIP Richard Last (61) Independent Non-Executive Director* Peter George (60) Independent Non-Executive Director APPOINTED 9 August 2010 BACKGROUND & EXPERIENCE Jens has spent the majority of his over 30-year career in the technology industry with considerable operational and commercial experience in the resale and distribution of information technology hardware and software solutions. He is the founder and CEO of Datatec Limited, established in 1986 which listed on the Johannesburg Stock Exchange in 1994. Between 1989 and 1993 Jens served as Managing Director and Vice-President of US Robotics (UK) Limited, a wholly owned subsidiary of US Robotics Inc., which was acquired by 3Com. In 1993, he co-founded US start-up Xedia Corporation in Boston, an early pioneer of network switching and IP bandwidth management, which was subsequently sold to Lucent Corporation in 1999 for $246 million. He has previously served on the boards and sub-committees of various public companies. CURRENT APPOINTMENTS CEO of Datatec Limited and Director of various Datatec Limited subsidiary companies. 22 May 2008 3 January 2019 Peter George is a US based executive with over 30 years’ experience in the IT networking and cybersecurity industry. He has a successful track record as CEO of leading IT network and security companies and provides sales and marketing leadership experience to the Board. Peter was most recently President and CEO of empow cybersecurity, a market innovator in AI, machine learning and advanced security analytics. Prior to empow, between 2008 to 2017, he was President and CEO of Fidelis Cybersecurity a leading US-based Advanced Threat Defense business. Before joining Fidelis, Peter was President and CEO of Crossbeam Systems, a market leader in Unified Threat Management. Prior to that he was the President of Nortel Networks’ enterprise business where he was responsible for growing a $2 billion and 5,000 employee voice and data business in EMEA. Director of EJ2 Communications Inc. (trading as Flashpoint). Richard has over 20 years’ senior experience in information technology having worked at board level for a number of publicly quoted and private companies in the technology sector. He is a Fellow of the Institute of Chartered Accountants in England and Wales (“FCA”). *As Richard Last is a Corero shareholder (0.5% of the Corero issued share capital) and holder of share options (830,000 options), and has been a Non-Executive Director of the Company for over 10 years, his independence has been considered by the Board. The Board is satisfied that Richard Last is independent. Chairman of ITE Group plc which is quoted on the London Stock Exchange. Chairman of AIM listed Gamma Communications plc, a UK telecommunications service provider, Tribal Group plc, a technology company and Arcontech Group plc, a provider of IT solutions for the financial services sector. In addition Richard is chairman of BSC VCT2 Plc and Lighthouse Group plc (Richard will be stepping down from both of these boards in the near future). 28 Nominations and Remuneration Committee Audit, Risk and Compliance Committee Ashley Stephenson (60) Chief Executive Officer Andrew Miller (55) Chief Financial Officer Duncan Swallow (54) Company Secretary COMMITTEE MEMBERSHIP APPOINTED 6 September 2013 9 August 2010 1 November 2007 BACKGROUND & EXPERIENCE Ashley is an IT industry executive and Internet technology entrepreneur, with operating experience in the United States, Europe and Asia. His previous experience includes: CEO of Reva Systems, which was acquired by ODIN, and CEO of Xedia Corporation, which was acquired by Lucent. He has provided strategic advisory services to a number of leading multinational IT companies including technology vendors, distributors and services companies. Ashley began his career at IBM Research & Development in the UK. He is a graduate of Imperial College, London with a degree in Physics and is an Associate of the Royal College of Science. Ashley has deep technology and software development skills and experience. Ashley also acts as Corero’s Chief Technology Officer. CURRENT APPOINTMENTS Eyealike, Inc. StepVest LLC Duncan is responsible for the Company secretarial function and is also the Group Financial Controller. Prior to joining the Company, Duncan was Divisional Financial Controller for CCH, a Wolters Kluwer business, specialising in providing books, online information, software, CPD and fee protection to tax and accounting professionals. He is a fellow of the Association of Chartered Certified Accountants. Prior to joining the Company, Andrew was with the Datatec Limited group in a number of roles between 2000 and 2009 including Logicalis Group Operations Director and Corporate Finance and Strategy Director. He ran the Logicalis acquisition strategy, acquiring and integrating 12 companies in the US, UK, Europe and South America. Prior to this, Andrew gained considerable corporate finance experience in London with Standard Bank, West Deutsche Landesbank and Coopers & Lybrand. He trained and qualified as a Chartered Accountant and has a bachelor’s degree in Commerce from the University of Natal, South Africa. Andrew is a Chartered Accountant with over 15 years’ experience in the technology industry. None None 29 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate DirectoryCorero Network Security plc Annual Report and Accounts 2018 CHAIRMAN’S INTRODUCTION CORERO IS WELL PLACED FOR ACCELERATED GROWTH. “ I am pleased to present Corero’s Corporate Governance Report for the year ended 31 December 2018.” Board commitment to governance The Board is committed to upholding high standards of corporate governance, protecting and growing shareholder value, and engaging in a fair and transparent manner with all of the Group’s stakeholders. The Board therefore supports and is committed to the principles of the QCA Corporate Governance Code which was published on 25 April 2018 and which has been applied by Corero with effect from 28 September 2018. The Board takes responsibility for approving the Group’s long-term goals and strategies, and provides overall financial and organisational control. The Board also ensures that the Group has appropriate and effective internal control and risk management systems. Board leadership and effectiveness The Board recognises that to remain effective it must ensure that it has the right balance of skills, experience, knowledge and independence to enable it to discharge its duties and responsibilities. The Directors believe in the necessity for challenge and debate in the boardroom and consider that existing Board dynamics and processes encourage honest and open debate with the Executive Directors. We have for the first time conducted an internal Board evaluation review earlier this calendar year. The review showed that the Board is operating effectively. Board composition The Board currently comprises two executive Directors and three Non-Executive Directors (including the Chairman), two of whom are independent. Peter George was appointed to the Board on 3 January 2019 to both broaden our US reach and deliver a greater balance of independence to our Board. The notice of AGM will include a resolution to reappoint Richard Last and Ashley Stephenson who retire by rotation in accordance with the Company’s Articles of Association, and Peter George who was appointed since the last AGM. Our culture Successful companies have a strong culture and deeply rooted shared values. In common with most intellectual property businesses, at Corero, we know that the skills, experiences and passion of our employees are genuinely what make our products and services market leading. The Corero culture has been shaped by both our long-standing experience in the United States and our more recent expansion into Europe. With a growing business, the level of team diversity and multi-site operations, we have recognised the importance of our culture and values. Corero’s agreed values, which have been defined in conjunction with our employees, are: • Integrity • Customer delight • Innovation • Open and honest communications • Empowerment Corero has invested in an online tool, known as Kudos, which is being used to acknowledge, reinforce and measure the values-supporting behaviours and actions taken by Corero team members. The Board undertakes informal enquiries of employees to ensure these values are upheld and promoted to ensure a healthy corporate culture. Board meetings are held at Corero’s offices in the US and UK which gives the Board the opportunity to informally interact with employees based at those office locations. 2018 performance Corero’s revenue of $10.0 million for the year ended 31 December 2018 was below expectations as a result of the longer time required to ramp up new go-to-market partners and secure contracts. Corero has continued to manage its cost base with adjusted operating expenses in 2018 13.3% below the prior year; this contributed to the significant reduction in the Group EBITDA loss for the year of $2.1 million (2017: restated EBITDA loss $5.0 million). To achieve the stated goal of being EBITDA positive and cash generative by the end of 2019, the focus for Corero is to scale its revenue by executing on its three-pronged go-to-market focus of direct sales, indirect channel sales and partner sales. In order to capitalise on the recently announced global resale partnership agreement with Juniper and to focus on maximising revenues from both direct and new go-to-market indirect sales channels, Corero intends to expand its US-based management team which will include the appointment of a head of global sales. Strategic focus Corero is focused on delivering a step change in revenue and scaling the business for profitability. In SmartWall, Corero has a market leading product and the development focus is to maintain this competitive advantage. Looking ahead Corero enters 2019 against a backdrop of positive momentum underpinned by a broader go-to-market strategy and a stronger new business pipeline. Management is focused on delivering revenue growth, adding new customers, and targeting being EBITDA positive and cash generative by the end of 2019. I would like to give thanks to our institutional and private investors for their continued support. Finally, thank you to all our employees for their hard work and commitment. Jens Montanana Chairman 10 April 2019 30 CORPORATE GOVERNANCE REPORT CORERO HAS APPLIED ALL TEN PRINCIPLES DETAILED IN THE QCA CODE. The Board recognises the importance of sound corporate governance and have developed governance policies appropriate for the size of the Group. Corero is committed to compliance with the provisions of the QCA Corporate Governance Code (“the QCA Code”) published by the Quoted Companies Alliance. The following is a list of the 10 core principles of the QCA Code applied by the Company. #1 ESTABLISH A STRATEGY AND BUSINESS MODEL TO PROMOTE LONG- TERM VALUE FOR SHAREHOLDERS #2 UNDERSTANDING AND MEETING SHAREHOLDERS NEEDS AND EXPECTATIONS #3 TAKE INTO ACCOUNT WIDER STAKEHOLDER AND SOCIAL RESPONSIBILITIES AND THEIR IMPLICATIONS FOR LONG-TERM SUCCESS #10 COMMUNICATE HOW THE COMPANY IS GOVERNED AND IS PERFORMING BY MAINTAINING DIALOGUE WITH SHAREHOLDERS AND OTHER RELEVANT STAKEHOLDERS APPLIED CODE PRINCIPLES #4 EMBED EFFECTIVE RISK MANAGEMENT, CONSIDERING BOTH OPPORTUNITIES AND THREATS, THROUGHOUT THE ORGANISATION #9 MAINTAIN GOVERNANCE STRUCTURES AND PROCESSES THAT ARE FIT FOR PURPOSE AND SUPPORT GOOD DECISION-MAKING BY THE BOARD #8 PROMOTE A CORPORATE CULTURE THAT IS BASED ON ETHICAL VALUES AND BEHAVIOURS #6 ENSURE THAT BETWEEN THEM THE DIRECTORS HAVE THE NECESSARY UP-TO-DATE EXPERIENCE, SKILLS AND CAPABILITIES #7 EVALUATE BOARD PERFORMANCE BASED ON CLEAR AND RELEVANT OBJECTIVES, SEEKING CONTINUOUS IMPROVEMENT #5 MAINTAIN THE BOARD AS A WELL-FUNCTIONING, BALANCED TEAM LED BY THE CHAIR 31 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate DirectoryCORPORATE GOVERNANCE REPORT CONTINUED #1 ESTABLISH A STRATEGY AND BUSINESS MODEL TO PROMOTE LONG-TERM VALUE FOR SHAREHOLDERS #2 UNDERSTANDING AND MEETING SHAREHOLDERS NEEDS AND EXPECTATIONS Corero’s strategy is focused on the following key areas: • Scaling the business for profitability • Investment in sales and marketing to drive sales growth • Maintaining competitive advantage • Continuing to focus on customer satisfaction The Company is focused on maintaining high gross margins, a high proportion of recurring revenue, and an appropriate operating cost base with the goal of being EBITDA profitable and cash generating by the end of 2019. The key challenges in the execution of the Company’s strategy, and risk factors, are: • Sales growth • Market awareness • Technology change and innovation • Retention of senior management and employees All of these are covered in greater detail in the Strategic Report on pages 8 to 27. Corero is committed to listening and communicating openly with its shareholders to ensure that is strategy, business model and performance are clearly understood. Understanding the views of analysts and investors, and seeking an active dialogue to help these audiences understand the Corero business, is important to driving the business forward. Corero does this via investor roadshows, attending investor conferences and regular financial reporting. Corero engages with shareholders in the following ways: • Meetings with institutional and material private shareholders (those holding more than 1% of Corero issued shares) as part of the year end and interim results announcement roadshows. The Board is kept informed of the views and concerns of any major shareholders, with any significant reports from analysts circulated to the Board. • The Chairman meets with major shareholders at least annually. • Attendance at private investor conferences and forums. Shareholders will be informed of such events by Corero issuing an RNS Reach announcement. • Corero utilises both regulatory and non-regulatory channels to keep shareholders informed on Company progress and performance. • Corero engages with shareholders and responds to questions sent by email to investorrelations@corero.com. In addition, Corero’s AGM is a forum for dialogue with all shareholders. The Notice of AGM is sent to shareholders at least 21 days prior to the meeting. Corero’s web site, under the “Investors” section, contains information to satisfy shareholder needs. Andrew Miller, Corero’s CFO, is primarily responsible for shareholder liaison. Andrew can be contacted on +44 1895 876 382 or by email at andrew.miller@corero.com. If shareholders wish to discuss any matters with Corero’s Chairman, Jens Montanana, he can be contacted by email at jens.montanana@corero.com. 32 Corero Network Security plc Annual Report and Accounts 2018#3 TAKE INTO ACCOUNT WIDER STAKEHOLDER AND SOCIAL RESPONSIBILITIES AND THEIR IMPLICATIONS FOR LONG-TERM SUCCESS #4 EMBED EFFECTIVE RISK MANAGEMENT, CONSIDERING BOTH OPPORTUNITIES AND THREATS, THROUGHOUT THE ORGANISATION Corero recognises that long-term success is underpinned by good relations with its key stakeholders, both internal (workforce) and external (suppliers, customers, regulators and others). As part of Corero’s annual planning and budgeting process, the Company identifies its stakeholders and their respective needs, interests and expectations. In addition, the strategy for engaging with these stakeholder groups is formulated and implemented. Corero values feedback from its stakeholders and proactively endeavours to address any matter identified. To date feedback has been gathered from: customers and partner feedback relating to Corero’s products and services; employees as part of quarterly Company updates; and shareholders. The Directors believe that the employees of the Company are one of its most important assets and the continued and sustained development of the Company relies on its ability to retain and attract employees of a high standard. Corero is proud to have over one-third of its employees with more than five years’ service. The Corero equal opportunities policy ensures that all job applicants and employees are treated fairly and without favour or prejudice. We are committed to applying this policy throughout all areas of employment, recruitment and selection, training, development and promotion. Employees are regularly informed of matters concerning their interest and the financial factors affecting the Company. The Company uses company-wide forums to communicate matters as well as team and individual meetings. Corero is committed to promoting sustainability. We aim to follow and to promote good sustainability practice, to carry out our operations in a way which manages and minimises any adverse environmental impacts from our activities. Corero encourages the reuse or recycling of office waste, including paper, packaging, computer supplies and redundant equipment. Wherever possible Corero ensures that waste materials are disposed of in an environmentally safe manner and in accordance with regulations. The Company operates a risk assessment process, which is embedded in day-to-day management and governance processes. As part of the annual planning and budgeting process, Corero management document the significant risks identified, the probability of those risks occurring, their potential impact and the plans for managing and mitigating each of those risks. The Board reviews the annual risk assessment including an annual assessment of the effectiveness of the Company’s internal control system, comprising financial, operational and compliance controls, to ensure that the Company’s risk management framework identifies and addresses all relevant risks in order to execute and deliver the Company’s strategy. The Directors are responsible for the Company’s system of internal control and for reviewing its effectiveness, whilst the role of management is to implement policies on risk management and control. The Company’s system of internal control is designed to manage, rather than eliminate, the risk of failure to achieve the Company’s business objectives and can only provide reasonable, and not absolute, assurance against material misstatement or loss. The Company operates a series of controls to meet its needs. These controls include, but are not limited to, the annual strategic planning and budgeting process, a clearly defined organisational structure with authorisation limits, reviews by senior management of monthly financial and operating information including comparisons with budgets, and forecasts to the Board. The Audit, Risk and Compliance Committee (“ARCC”) reviews the effectiveness of internal controls. The ARCC receives reports from management and observations from the external auditors concerning the system of internal control and any material control weaknesses. Significant risk issues, if any, are referred to the Board for consideration. The auditors report, assessment of the effectiveness of the internal control system and key judgements report for the Annual Report and Accounts for the year ended 31 December 2017 were tabled and reviewed by the ARCC during the year ended 31 December 2018, as well the Corero Risk Register and Stakeholder Analysis. Given the size of the Company, the Board has concluded it is not appropriate to establish a separate, independent internal audit function. The Board will keep this under review. 33 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate DirectoryCORPORATE GOVERNANCE REPORT CONTINUED #5 MAINTAIN THE BOARD AS A WELL-FUNCTIONING, BALANCED TEAM LED BY THE CHAIR The Board The Board sets Corero’s overall strategic direction, reviews management performance and ensures that the Company has the necessary financial and human resource in place to meet its objectives. The Board is satisfied that the necessary controls and resources exist within the Company to enable these responsibilities to be met. Operational management of the Company is delegated to the Chief Executive Officer. The Board comprises the Non-Executive Chairman, two Executive Directors and two independent Non-Executive Directors whose Board and Committee responsibilities are set out below: Non-Executive / Executive Director Non-Executive Non-Executive Non-Executive Executive Executive Board Chairman Member Member Member Member Audit, Risk and Compliance Committee Nomination and Remuneration Committee Member Chairman Chairman Member Member** Jens Montanana Richard Last Peter George* Ashley Stephenson Andrew Miller * appointed 3 January 2019 ** appointed 8 April 2019 The composition of the Board is reviewed regularly. Appropriate training, briefings, and inductions are available to all Directors on appointment and subsequently as necessary, taking into account existing qualifications and experience. The Director employment and service contracts are summarised below: Non-Executive Directors, per their letters of appointment, have a time commitment to the Company of not less than eight days per annum including the attendance of Board meetings and the Company AGM. In addition, Non-Executive Directors are expected to devote appropriate preparation time ahead of each meeting. • Ashley Stephenson has an employment agreement which provides for the payment of six months’ base salary if the agreement is terminated by the Company without cause. • Andrew Miller, Executive Director, has an employment agreement which can be terminated by either party on not less than six months’ written notice. The agreement contains provisions for early termination in certain circumstances. • The Non-Executive Directors letters of appointment are for 12-month terms and provide that the appointment may be terminated by either party giving to the other not less than three months’ notice. One third of all Directors are subject to annual reappointment by shareholders as well as any Director appointed to the Board in the period since the last AGM, any Non-Executive Director whose tenure is more than nine years or whose independence is the subject of Board judgement. Richard Last and Ashley Stephenson will be offering themselves for re-election at the forthcoming AGM, as well as Peter George who was appointed since the Company’s last AGM. The Board meets on average once a quarter; additional meetings or conference calls are held as required. Each Director is provided with sufficient information to enable them to consider matters in good time for meetings and enable them to discharge their duties properly. 34 Corero Network Security plc Annual Report and Accounts 2018The Board also ensures that the principal goal of the Company is to create shareholder value, while having regard to other stakeholder interests and takes responsibility for setting the Company’s values and standards. The Board has a formal schedule of matters reserved to it for consideration and approval. These include: Strategy and management • Responsibility for the overall strategy and management of the Company • Approval of strategic plans and budgets and any material changes to them • Approval of the acquisition or disposal of subsidiaries and major investments, projects and contracts • Changes relating to the Company’s capital structure • Delegation of the Board’s powers and authorities Financial matters and internal controls • Oversight of the Company’s operations ensuring competent and prudent management, sound planning and management of adequate accounting and other records • Approval of the annual and interim financial statements and accounting policies • Approval of the dividend policy • Ensuring an appropriate system of internal control and risk management is in place Corporate Governance • Approval of changes to the structure, size and composition of the Board • Review of the management structure and senior management responsibilities • With the assistance of the Nominations and Remuneration Committee, approval of remuneration policies • Consideration of the independence of the Non-Executive Directors • Receiving reports on the views of the Company’s shareholders The Board receives monthly briefings on the Company’s performance (including detailed commentary and analysis), key issues and risks affecting the Company’s business. The Company maintains liability insurance for its Directors and Officers. The Company has also entered into indemnity agreements with the Directors, in terms of which the Company has indemnified its Directors, subject to the Companies Act limitations, against any liability arising out of the exercise of the Directors’ powers, duties and responsibilities as a Director or Officer. In the year ended 31 December 2018, the Board met on four scheduled occasions; further meetings and conference calls were held as and when necessary (with five additional such meetings in the year ended 31 December 2018). Details of Directors’ attendance at scheduled meetings in the year to 31 December 2018 is shown in the table below: Meetings attended Jens Montanana Richard Last Ashley Stephenson Andrew Miller Andrew Lloyd* 9/9 9/9 9/9 9/9 9/9 * appointment terminated on 4 January 2019 Note: Peter George was appointed on 3 January 2019 Directors’ conflict of interest The Company has effective procedures in place to monitor and deal with conflicts of interest. The Board is aware of the other commitments and interests of the Directors, and changes to these commitments and interests are reported to and, where appropriate, agreed with the rest of the Board. 35 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate DirectoryCORPORATE GOVERNANCE REPORT CONTINUED #6 ENSURE THAT BETWEEN THEM THE DIRECTORS HAVE THE NECESSARY UP-TO-DATE EXPERIENCE, SKILLS AND CAPABILITIES #7 EVALUATE BOARD PERFORMANCE BASED ON CLEAR AND RELEVANT OBJECTIVES, SEEKING CONTINUOUS IMPROVEMENT The Board is satisfied that, between the Directors, it has an effective and appropriate balance of skills and experience, including operational, commercial and technology expertise and experience. All members of the Board have at least 15 years’ technology experience through investing in and working for a range of companies from start-ups to large established technology companies, with complementary financial, commercial, sales and marketing skills. All Directors are able to take independent legal advice in relation to their duties, if necessary at the Company’s expense. In addition, the Directors have direct access to the advice and services of the Company Secretary and Chief Financial Officer. The Directors keep their skills up to date through a combination of their other roles (if applicable), attending appropriate training courses and seminars funded by the Company if appropriate, and by reading widely. Corero’s Chairman, Jens Montanana, is a material shareholder with an equity interest in Corero of 38.4% at 9 April 2019, and is the Company’s largest shareholder. His interests are strongly aligned with all shareholders. The Corero Board members biographies and their relevant experience, capabilities and skills and are set out on pages 28 and 29. There are no external advisers to the Board or any of its committees, other than the auditors (BDO LLP). It has not been deemed necessary to formalise a training and development programme for each Director. Corero has established a Board effectiveness review to enable the Board to stand back and assess its strengths and areas for development. This review will be conducted internally and will be performed annually. The first such review was conducted in January 2019. The review showed that the Board is operating effectively. The recommendations following this review were: • Annual away-day strategy review to be held. • Chairman to meet with each Director annually to undertake a formal review of each individuals’ performance, development plans and performance of the Board and committees. The Board plans to refresh the performance assessment process based on external advice and if appropriate engage a third-party facilitator to assist in the performance of such effectiveness reviews every three years. Given Corero’s size, the Company does not have internal succession candidates for the Executive Directors. In the event an Executive Director replacement is required, the Company would seek to recruit a replacement through a recruitment search process. The Board are satisfied that the Company’s middle management will ensure the Company’s business is not adversely impacted in the period between an Executive Director leaving and a replacement being recruited. The Corero NRC reviews and recommends nominees as new Directors to the Board. Senior management appointments are required to be approved by the Corero NRC. The performance of the Executive Directors is measured against the internal budget with a performance related bonus for exceeding the internal budget targets. The members of the NRC do not have any conflicts from cross-directorships that relate to the business of the committee. The members of the NRC do not have any day-to-day involvement in the running of the Group. The NRC’s remit is to measure the performance of and determine the remuneration policy relating to Directors and senior employees. To support this responsibility, it has access to professional and other advice external to the Group. Taking the performance factors into account, it then makes recommendations to the Board. 36 Corero Network Security plc Annual Report and Accounts 2018#8 PROMOTE A CORPORATE CULTURE THAT IS BASED ON ETHICAL VALUES AND BEHAVIOURS Corero recognises the importance of culture and values and in conjunction with employees defined the Company’s agreed values: • Integrity • Customer delight • Innovation • Open and honest communications • Empowerment Corero has invested in an online tool, known as Kudos, which is being used to acknowledge, reinforce and measure the values-supporting behaviours and actions taken by team members. The Corero equal opportunity policy sets out the Company’s position on equal opportunity in all aspects of employment. The policy has been developed to maintain the following policy objectives: • To provide a safe and welcoming environment, in which individuals are valued, included and respected; • To eliminate unfair discrimination; • To advance equality of opportunity; and • To foster good relations between different groups of people. To assist the work of the NRC, the views of the Chief Executive Officer and Chief Financial Officer are also invited where appropriate. However, they do not participate in any decision related to their own remuneration. The Group is committed to the governing objective of maximising shareholder value over time. Each year the remuneration framework and the packages of the Directors are reviewed to ensure they continue to achieve this objective. The Group operates in the cyber security market which is a market with significant growth potential. It is also a competitive market with a number of players who are significantly larger than Corero. The Group’s executive Director remuneration policy is designed to attract and retain Directors of the calibre required to maintain the Group’s position in its marketplace. This is maintained through the use of bonus and share option schemes, as follows: Bonus A cash bonus designed to incentivise specific short-term financial goals. Goals and objectives are set for the executive Directors with a significant weight being put on meeting and exceeding key financial performance metrics. Executive Directors’ bonuses are set at two-thirds of base salary. Share options Share options are granted to encourage and reward delivery of the Company’s long-term strategic objectives and provide alignment with shareholders through the use of share-based incentives. All share-based incentives offered to Directors have a 3-year vesting schedule, with one-third vesting on the first anniversary of the grant/start date, a further third on the second anniversary of the grant/start date and the final third the third anniversary of the grant/start date. Shares acquired on the exercise of options may not be sold until the second anniversary of the grant date. Share options are granted with an exercise price set at the higher of market price or such other price as determined by the NRC. 37 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate DirectoryCORPORATE GOVERNANCE REPORT CONTINUED #9 MAINTAIN GOVERNANCE STRUCTURES AND PROCESSES THAT ARE FIT FOR PURPOSE AND SUPPORT GOOD DECISION-MAKING BY THE BOARD #10 COMMUNICATE HOW THE COMPANY IS GOVERNED AND IS PERFORMING BY MAINTAINING DIALOGUE WITH SHAREHOLDERS AND OTHER RELEVANT STAKEHOLDERS The Company communicates with shareholders through the Annual Report and Accounts, full-year and half year results announcements, the AGM and one-to-one meetings with institutional and material private shareholders and potential new shareholders. A range of corporate information (including Company announcements and presentations) is also available to all shareholders, investors and the public on the Company website www.corero.com/investors The Board receives regular updates on the views of shareholders through briefings and reports from the Chairman, Chief Executive Officer, Chief Financial Officer and the Company’s brokers and financial public relations advisers. The Company communicates with institutional and material shareholders through briefings with management, and with retail shareholders and potential investors through investor conferences. The Company conducts regular updates to maintain an open dialogue with employees and reviews with customers as part of its strategy to maintain high levels of customer delight. The Board The Board sets Corero’s overall strategic direction, reviews management performance and ensures that the Company has the necessary financial and human resource in place to meet its objectives. The Board is satisfied that the necessary controls and resources exist within the Company to enable these responsibilities to be met. Audit, Risk and Compliance Committee (“ARCC”) The ARCC has responsibility for planning and reviewing the Group’s interim and preliminary reports and accounts. The ARCC determines the application of the financial reporting and internal control and risk management procedures and the scope, quality and results of the external audit. Nominations and Remuneration Committee (“NRC”) The remuneration committee is responsible for the policy for the remuneration of the executive Directors and senior management. The NRC reviews and recommends nominees as new Directors to the Board and reviews the performance of the Executive Directors and sets the remuneration of the Executive Directors. In addition, the NRC determines the payment of bonuses to Executive Directors and approves the Company’s bonus and incentive arrangements for employees. Evolution of the Company’s governance framework The Board will on an on-going basis, and as the Company’s business develops and grows, review the appropriateness of the governance framework, including the composition of the Board and the requirement for an internal audit function, to ensure the Company delivers on its strategy and goals whilst maintaining appropriate governance structures. 38 Corero Network Security plc Annual Report and Accounts 2018COMMITTEE REPORTS Audit, Risk and Compliance Committee (“ARCC”) Report The ARCC members comprise Richard Last, who is the Committee Chairman, and Jens Montanana, and meets at least twice a year. The Company’s Chief Financial Officer and Group Financial Controller, and the Company’s external auditors attend the meetings. In the year ended 31 December 2018, the ARCC met on two occasions. The attendance of individual Committee members at ARCC meetings in the year to 31 December 2018 is shown in the table below: Nominations and Remuneration Committee (“NRC”) Report The NRC comprises Peter George (appointed the Committee Chairman on 8 April 2019), Jens Montanana (who was the Committee Chairman up to 8 April 2019), and Richard Last. The NRC meets at least twice a year. In the year ended 31 December 2018, the NRC met on two scheduled occasions; further meetings and conference calls were held as and when necessary (with four additional such meetings in the year ended 31 December 2018). The attendance of individual Committee members at NRC meetings in the year to 31 December 2018 is shown in the table below: Richard Last Jens Montanana Meetings attended 2/2 2/2 Richard Last Jens Montanana Meetings attended 6/6 6/6 The ARCC’s activities during the year, based on its terms of reference, are set out below: • Reviewed the scope and results of the external audit, its cost effectiveness and the objectivity of the auditors. • Reviewed prior to publication, the interim financial statements, preliminary results announcement, the annual financial statements and the other information included in the Annual Report. • Considered the regulatory, technical and operational risks of the Company and ensured these risks are properly assessed, monitored and reported on and the appropriate policies and procedures are in place The key financial reporting judgements relating to the financial statements for the year ended 31 December 2018 which the ARCC have considered and discussed with the auditors, include: Financial Statements note Going concern basis for financial statements Revenue recognition and the application of IFRS 15 Carrying value of goodwill and intangible assets 2.2 2.5 8 The ARCC are satisfied with the treatment in the financial statements and the disclosure in the notes. Note: Peter George was appointed to the NRC on 8 April 2019 The NRC’s activities during the year, which are based on its terms of reference, are set out below: • Reviewed and recommended nominees as new Directors to the Board. • Reviewed the performance of the Executive Directors and set the remuneration of the Executive Directors. • Determined the payment of bonuses to Executive Directors and approved the Company’s bonus and incentive arrangements for employees. • Ensured the Company’s share option schemes were operated properly and approved the share option grants to Executive Directors and employees. The remuneration of the Chairman and Non-Executive Directors is decided upon by the Board. Details of Directors’ remuneration for the year ended 31 December 2018 is set out in note 22 of the financial statements. Jens Montanana has elected to waive the fees payable to him for the financial year ended 31 December 2018. 39 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate DirectoryThe market price of the ordinary shares at 31 December 2018 was 12.5p and the shares traded in the range 5.5p to 13.35p during the year. Issue of shares At the AGM held on 5 June 2018, shareholders granted authority to the Board under the Articles and section 551 of the Companies Act 2006 (the ‘Act’) to exercise all powers of the Company to allot relevant securities up to an aggregate nominal amount of £1,283,276.20. Also at the AGM held on 5 June 2018, shareholders granted authority to the Board under the Articles and section 570(1) of the Act to exercise all powers of the Company to allot equity securities wholly for cash up to an aggregate nominal amount of £384,982.86 without application of the statutory pre-emption rights contained in section 561 (1) of the Act. DIRECTORS’ REPORT Group results The Group’s Statement of Comprehensive Income on page 48 shows a loss for the year of $5.2 million (2017: restated loss $8.4 million). Going concern The financial position and cash flows are described in the Financial Review on pages 25 to 27. An indication of likely future developments affecting the Company is included in the Strategic Report on pages 8 to 27. The Directors are, based on detailed financial projections, of the opinion that the Group and Company has adequate working capital to continue as a going concern for the foreseeable future and, in particular, for a period of at least 12 months from the date of approval of these financial statements. The financial projections take into account the operational progress made by the Company over the past year and future opportunities as described in the Chief Executive Strategic Update on pages 8 to 15, and the Group’s Strategy as detailed on page 22 which is focused on scaling the business towards profitability. On this basis, the Directors have therefore concluded that it is appropriate to prepare the financial statements on a going concern basis. The financial statements do not include the adjustments that would result if the Group and Company was unable to continue as a going concern. Further details are included within notes 2 and 3 to the financial statements. However, the ability of the Company and Group to achieve the future profit and cash flow projections cannot be predicted with certainty. Failure of the Company and the Group to meet these projections and deliver revenue growth may adversely impact the achievability of the bank loan covenants which may result in the bank loan being required to be repaid before the maturity date if the revenue covenants are not met and cannot be renegotiated. This would adversely impact the Company and the Group’s working capital position and would require the Company to raise additional funding, with no guarantee such funding would be secured. Taken together, the achievability of the projections and availability of additional funding if required indicate a material uncertainty that may cast significant doubt on the Company and the Group’s ability to continue as a going concern for the foreseeable future. Dividends The Directors have not recommended a dividend (2017: $nil). Share capital The issued share capital of the Company, together with details of movements in the Company’s issued share capital during the financial period are shown in note 20 to the financial statements. As at the date of this report, 401,995,161 ordinary shares of 1p each (“ordinary shares”) were in issue and fully paid with an aggregate nominal value of $5.7 million. Substantial shareholdings The Company has been notified of the following holdings that are 3% or more of the Group’s ordinary share capital as at 10 April 2019: Ordinary shares of 1 pence each Jens Montanana* Miton UK Microcap Trust PLC Richard John Koch Herald Investment Management Sabvest Capital Holdings Limited Peter Kennedy Gain** Juniper Networks Inc. Number 154,382,609 61,223,917 32,936,500 30,306,406 28,000,000 21,278,246 17,008,969 % 38.40 15.23 8.19 7.54 6.97 5.29 4.23 * of which 25,987,889 are held in the name of JPM International Limited, which is wholly owned by Jens Montanana, and 94,258,302 are held in the name of The New Millennium Technology Trust of which Jens Montanana is a beneficiary ** of which 4,900,000 shares are held in the name of Draper Gain Investments Ltd 40 Corero Network Security plc Annual Report and Accounts 2018Directors’ shareholdings 9 April 2019 31 December 2018 31 December 2017 Number 154,382,609 2,000,000 – 38,000 1,091,437 – % 38.4 0.5 – 0.0 0.3 – Number 154,382,609 2,000,000 – 38,000 1,091,437 400,000 % 38.4 0.5 – 0.0 0.3 0.1 Number 138,000,000 1,316,667 – 38,000 1,091,437 300,000 % 43.8 0.4 – 0.0 0.4 0.1 Jens Montanana Richard Last Peter George Ashley Stephenson Andrew Miller Andrew Lloyd* * resigned 4 January 2019 Directors’ indemnities The Company has qualifying third party indemnity provisions in place for the benefit of its Directors. These remain in force at the date of this report. Directors and Directors’ interests The Directors who served in office during the year and up to the date of this report and their interests in the Company’s shares were as above. The biographical details of the current Directors of the Company are set out on pages 28 and 29. Jens Montanana, Richard Last, Ashley Stephenson, and Andrew Miller hold share options, details of which are shown in note 25 to the financial statements. In addition, Peter George was granted 750,000 options over new ordinary shares of 1p each on 4 January 2019 at an exercise price of £0.1125 per share. Financial risk management objectives and policies The Group’s business activities expose it to a variety of financial risks. The policies for managing these risks are described below: • Liquidity risk – arises from the Group’s management of working capital and finance charges. It is a risk that the Group will encounter difficulty in meeting its financial obligations, including a repayment term bank loan drawn down by the Company in May 2018 ($3.6m at 31 December 2018) details of which are set out in note 16, as they fall due. Liquidity risk is managed by the finance function. Annual budgets are agreed by the Board, enabling the Group’s cash flow requirements to be anticipated. • Credit risk – arises from cash and cash equivalents and from credit exposures to the Group’s customers including outstanding receivables and committed transactions. Credit risk is managed with regular reports of exposures reviewed by management. The Group does not set individual credit limits but seeks to ensure that customers enter into legally enforceable contracts that include settlement terms that demonstrate the customers’ commitment to the transaction and minimise this risk exposure. The amounts of trade receivables presented in the Statement of Financial Position are shown net of allowances for doubtful accounts estimated by management based on prior experience and their assessment of the current economic environment (note 14). The Group has no significant concentration of credit risk, with exposure spread over a number of customers. The credit risk on liquid funds and financial instruments is limited because the counterparties are banks with acceptable credit ratings assigned by international credit rating agencies. • Cash flow interest rate risk – the Group’s policy is to as far as possible minimise interest rate cash flow risk exposure on its financing. The Group is exposed to interest rate increases on the term bank loan ($3.6 million at 31 December 2018) details of which are set out in note 16, which bears interest at 3-month GBP Libor plus 7.5%. The bank loan does not have early repayment penalties and thus the Group can if GBP interest rates increase to punitive levels, seek to refinance the loan. The Group’s policy is to balance the risk in relation to cash balances held by spreading these across a number of financial institutions as opposed to maximising interest income. • Currency risk – there was no material impact from trading currency risk on the Group’s profit or loss for the year from exchange rate movements, as foreign currency transactions are entered into by Group companies whose functional currency is aligned with the currencies in which it transacts. Exchange rate risks do arise in relation to (i) the bank loan which is GBP denominated and equity fund raises which are in GBP, given the Company’s AIM listing, to the extent such funds are required to support US dollar denominated funding requirements, and (ii) GBP denominated obligations of the Group given the invoicing currency of the Group is US dollar denominated. The Group has not hedged such GBP debt and equity fund raises or GBP denominated expenses in the past as US denominated funds received by the Group’s UK subsidiary have been used to fund the Group’s US subsidiary to the extent such funding has been required, with the GBP funding requirements satisfied from the GBP denominated funds generated from GBP debt and equity fund raises. The Group keeps this policy under review based on the expected timing of US dollar and GBP operational funding requirements. The principal risk which applies to the parent Company’s financial statements is the risk that the returns generated by the subsidiaries might not support the carrying value of the cost of the investments in subsidiaries. The carrying value is tested at least annually for impairment and, if necessary, impaired. 41 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate DirectoryAuditors In so far as each Director is aware: • there is no relevant audit information of which the Company’s auditors are unaware; and • the Directors have taken all the steps that they ought to have taken to make themselves aware of any relevant audit information and to establish that the Company’s auditors are aware of that information. By order of the Board Duncan Swallow Company Secretary 10 April 2019 Research and development The development of computer software is an integral part of the Group’s business and the Group continues to develop its core software in response to user demand, and particularly the changing IT security threat landscape, and changes in software technology. During the year the Group enhanced its existing products and developed new products. A capital investment of $1.7 million (2017: $2.2 million) was made during the year. Amortisation of $2.9 million (2017: $2.4 million) and costs not capitalised of $0.9 million (2017: £1.5 million) were charged to the Statement of Comprehensive Income during the year. Employees The quality and commitment of the Group’s employees has played a major role in the Company’s progress. This has been demonstrated in many ways, including strong customer satisfaction, the development of new product offerings and the flexibility employees have shown in adapting to changing business requirements. The Group operates sales commission, incentive bonus plans and share option plans to provide incentives for achievements which add value to the business. Annual General Meeting The AGM will be held at 68 Lombard Street, London, EC3V 9LJ on 21 May 2019 at 11.00 a.m. The notice convening the meeting is on page 85 together with details of the business to be considered. DIRECTORS’ REPORT CONTINUED Capital management The Group monitors its available capital, which it considers to be all components of equity against its expected requirements. The Group’s objectives when maintaining capital are to safeguard the entity’s ability to continue as a going concern, so that it can continue to provide returns for shareholders and benefits for other stakeholders, and to ensure that sufficient funds can be raised for investing activities. In order to maintain or adjust the capital structure, the Company may return capital to shareholders, issue new shares, or sell assets. The Group does not review its capital requirements according to any specified targets or ratios. Treasury management The objectives of Group treasury policies are to ensure that adequate financial resources are available for development of the business while at the same time managing financial risks. Financial instruments are used to reduce financial risk exposures arising from the Group’s business activities and not for speculative purposes. The Group’s treasury activities are managed by the Group Financial Controller who reports to the Board on the implementation of Group treasury policy. Environment The Group’s activities are primarily office based and as such the Directors believe that there is no significant environmental impact arising from the Group’s activities. The Group complies with local WEEE regulations. No environmental performance indicators are therefore included within this report. The Group’s environmental policy states: “We endeavour to recycle appropriate materials where possible and to efficiently use natural resources and energy supplies so as to minimise our environmental impact. We will comply with the relevant statutes and legislation. Furthermore, employees are encouraged to be environmentally aware. Company cars are not provided.” 42 Corero Network Security plc Annual Report and Accounts 2018STATEMENT OF DIRECTORS’ RESPONSIBILITIES The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Group’s transactions and disclose with reasonable accuracy at any time the financial position of the Group and enable them to ensure that the financial statements comply with the Companies Act 2006. They are also responsible for safeguarding the assets of the Group and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. The Directors are responsible for ensuring the annual report and the financial statements are made available on a website. Financial statements are published on the Company’s website in accordance with legislation in the United Kingdom governing the preparation and dissemination of financial statements, which may vary from legislation in other jurisdictions. The maintenance and integrity of the Company’s website is the responsibility of the Directors. The Directors’ responsibility also extends to the ongoing integrity of the financial statements contained therein. The Directors are responsible for preparing the Annual Report and Financial Statements in accordance with applicable law and regulations. Company law requires the Directors to prepare financial statements for each financial year. Under that law the Directors have elected to prepare the Group financial statements in accordance with International Financial Reporting Standards as adopted by the European Union (“IFRSs”). The Directors have chosen to prepare the Company financial statements in accordance with FRS101. Under company law the Directors must not approve the financial statements unless they give a true and fair view of the state of affairs of the Group and parent company and of the profit or loss of the Group for that period. The Directors are also required to prepare financial statements in accordance with the rules of the London Stock Exchange for companies trading securities on the AIM. In preparing these financial statements, the Directors are required to: • select suitable accounting policies and then apply them consistently; • make judgements and estimates that are reasonable and prudent; • state whether they have been prepared in accordance with IFRSs as adopted by the European Union, subject to any material departures disclosed and explained in the financial statements; and • prepare the financial statements on the going concern basis unless it is inappropriate to presume that the Group will continue in business. 43 OverviewStrategic ReportGovernanceFinancial StatementsNotice of AGMCorporate DirectoryINDEPENDENT AUDITOR’S REPORT to the members of Corero Network Security plc Opinion We have audited the financial statements of Corero Network Security plc (the ‘Parent Company’) and its subsidiaries (the ‘Group’) for the year ended 31 December 2018 which comprise the consolidated statement of comprehensive income, the consolidated and company statements of financial position, the consolidated statement of cash flows, the consolidated and company statements of changes in equity and the notes to the financial statements, including a summary of significant accounting policies. The financial reporting framework that has been applied in the preparation of the Group financial statements is applicable law and International Financial Reporting Standards (IFRSs) as adopted by the European Union. The financial reporting framework that has been applied in the preparation of the Parent Company financial statements is applicable law and United Kingdom Accounting Standards, including Financial Reporting Standard 101 Reduced Disclosure Framework (United Kingdom Generally Accepted Accounting Practice). In our opinion: • the financial statements give a true and fair view of the state of the Group’s and of the Parent Company’s affairs as at 31 December 2018 and of the Group’s loss for the year then ended; • the Group financial statements have been properly prepared in accordance with IFRSs as adopted by the European Union; • the Parent Company financial statements have been properly prepared in accordance with United Kingdom Generally Accepted Accounting Practice; and • the financial statements have been prepared in accordance with the requirements of the Companies Act 2006. Basis for opinion We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s responsibilities for the audit of the financial statements section of our report. We are independent of the Group and the Parent Company in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. Material uncertainty related to going concern We draw attention to note 2.2 to the financial statements which states that the ability of the Group and Parent Company to continue as a going concern is reliant on the continued availability of its bank loan, the terms of which require compliance with certain covenants. Failure to achieve revenue and cashflow projections may adversely impact the achievability of the bank loan covenants which could result in the bank calling in the loan. This would require the Company to raise additional funding, with no guarantee such funding would be secured. These events and conditions indicate a material uncertainty exists that may cast significant doubt on the Group and Parent Company’s ability to continue as a going concern. Our opinion is not modified in respect of this matter. Given the conditions and uncertainties noted above, we considered going concern to be a key audit matter. We have performed the following work as part of our audit: • we reviewed the bank loan documents to understand the terms and covenants which the Group and Parent Company is required to comply with, comparing these to the Group’s forecasts; • we recalculated management’s covenant compliance calculations for the period under audit using the Directors’ forecasts for a period of at least 12 months from the date of approval of the financial statements, and compared them to the covenants in place for each period; • we obtained confirmations from the lending bank in relation to covenant requirements and compliance during 2018; and • we challenged the forecasts and sensitivity analysis used by the Director's to assess the Group’s and Parent Company’s ability to meet its financial obligations as they fall due for a period of at least 12 months from the date of approval of the financial statements, by examining post year end order values compared to forecast financial information and by comparing previous forecast financial performance to subsequent actual results. Key audit matters In addition to the matter described in the material uncertainty related to going concern section above, key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the financial statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) that we identified including those which had the greatest effect on the overall audit strategy, the allocation of resources in the audit, and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters. 44 Corero Network Security plc Annual Report and Accounts 2018Key Audit Matter Revenue recognition See accounting policy at note 2.5, the key accounting estimate at note 3.2 and note 4. The Group generates revenue primarily from the sale of hardware and associated software and related maintenance and support contracts. It does this directly through arrangements with end-users (either through the sale of hardware and a software licence or by selling the software as a service) as well as to distributors. The sales of licences may be on a perpetual or a fixed term basis. We considered there to be a significant audit risk arising from the allocation of the value of the transaction between the multiple elements or deliverables included in the sale as well as the timing of revenue recognition with regard to proper deferral of support revenues and cut off around the year end. Management also undertook an exercise prior to 2018 to evaluate the impact of IFRS 15 Revenue from Contracts with Customers on its financial statements. This is a complex development in IFRS which we considered to be part of the revenue recognition risk in the current year. Goodwill and intangible asset impairment See accounting policy at note 2.12 and note 8. In accordance with IAS 36, goodwill is tested for impairment annually and other non-current tangible assets with finite lives are tested for impairment whenever an indicator of impairment arises. Management performed an impairment review over its sole cash generating unit (CGU) – Corero Network Security (CNS) – as at 31 December 2018 using a discounted cash flow model to calculate fair value less costs to sell. The impairment review necessitates significant management judgement over the timing and degree of certainty attaching to forecast net cash flows and the rate at which those future cash flows should be discounted to present value. Certain key assumptions and data points are required to be disclosed along with sensitivity calculations where reasonably possible changes in key assumptions could give rise to an impairment. The accurate disclosure of such information formed part of the risk we assessed as being present. The recoverable amount of the Group’s CNS CGU was assessed as being higher than its carrying value at the reporting date and therefore, management concluded that the goodwill and intangible assets were not impaired at the reporting date. How we addressed the matter in our audit Our audit procedures included assessing the appropriateness of the revenue recognition policy in accordance with IFRS 15 and the work undertaken by management on the transition to that new accounting standard. We gained an understanding of the detail of the Group’s methodology in determining the fair value of the different deliverables in multiple element arrangements as set out in note 2.5 and examined management’s approach to fair value measurement, to ensure it provided a suitable basis on which to recognise revenues. We selected a sample of contracts for testing covering the Group’s different sales models. We assessed whether the revenue recognised was calculated in accordance with the Group’s accounting policy and in the correct period. We also tested the accuracy of the deferred income balance, which arises most commonly on deferred maintenance and support income, and tested a sample of transactions around the year end to ensure that they were recorded in the correct period. Our work on the impairment review prepared by management had a dual focus: firstly, to ensure the model was mechanically accurate and prepared in accordance with the detailed requirements of IAS36 and secondly, to ensure that the assumptions regarding future cash flows and the rate at which they had been discounted were appropriate to the Group’s circumstances. We used valuations and tax specialists in order to assist with our interrogation of the model and to support our assessment of the treatment of future tax savings arising from available losses. This work also included comparison to industry data, historic trading, and macro-economic factors. Our audit procedures relating to the review of operating cash flows included verification of the existence of selected post year end sales and company internal sales initiatives which are expected to drive growth in 2019, as well as a comparison of previous performance to expectations. We took into account previous shortfalls against sales targets and discussed key sensitivities with those charged with governance. Fundamental to this evaluation was a comparison of the forecasts in the impairment review to recent financial performance and budgets approved by the Board, verifying that the sensitivities prepared by management were sufficiently challenging. We examined development cost intangible assets and property, plant and equipment to determine that no additional impairment indicators in respect of specific assets within the CGU were present. We also considered the appropriateness of the disclosures made in notes 2.12, 12 and 8 to the financial statements, ensuring these were balanced in terms of content, factually and arithmetically accurate and included all information required under IAS 36 Impairment of Assets. 45 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial StatementsINDEPENDENT AUDITOR’S REPORT CONTINUED to the members of Corero Network Security plc Our application of materiality We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of misstatements. For planning, we consider materiality to be the magnitude by which misstatements, including omissions, could influence the economic decisions of reasonable users that are taken on the basis of the financial statements. In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, we use a lower materiality level, performance materiality, to determine the extent of testing needed. Misstatements below these levels will not necessarily be evaluated as immaterial as we also take account of the nature of identified misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial statements as a whole. Level of materiality applied and rationale Having re-examined the basis for setting materiality, we considered that using aggregate operating expenses and cost of sales as a benchmark is, at the current time, the most appropriate measure for assessing the Group’s scale of operations and level of activity. In the prior year, we referred to the EDITDA loss as our materiality benchmark. As the Group expects to move towards profitability, continuing to use EBITDA loss would in time have led to our materiality level becoming disproportionate to the scale of the Group’s activities. Using this benchmark, we set materiality at $297,000, being 2% of aggregate operating expenses and cost of sales (2017: $291,000, being 5% of EBITDA). Materiality in respect of the audit of the Parent Company has been set at $148,500 (2017: $145,000) based on 50% of Group materiality. Performance materiality was set at 75% of materiality for both the Group and Parent Company audits. In setting the level of performance materiality we considered a number of factors including the expected total value of known and likely misstatements (based on past experience and other factors) and management’s attitude towards proposed adjustments. Component materiality We set materiality for the Corero Network Security, Inc. component of the Group based on 80% (2017: 90%) of Group materiality as it makes up the majority of the Group’s external revenue generating activities. UK components were audited to a lower materiality of between 5% and 25% (2017: between 10% and 50%) of Group materiality. In the audit of each component, we further applied a performance materiality level of 75% of the component materiality level to our testing to ensure that the risk of errors exceeding component materiality was appropriately mitigated. Agreement with the Audit Committee We agreed with the Audit Committee that we would report to the Committee all Group audit differences individually in excess of $14,850 (2017: $13,000) and, in our audit of the Parent Company, those in excess of $7,500 (2017: $7,250). We also agreed to report differences below this threshold that, in our view, warranted reporting on qualitative grounds. An overview of the scope of our audit Our Group audit was scoped by obtaining an understanding of the Group and its environment, including the Group’s system of internal control, and assessing the risks of material misstatement in the financial statements at the Group level. We obtained an understanding of the entity-level controls of the Group as a whole which assisted us in identifying and assessing risks of material misstatement due to fraud or error, as well as assisting us in determining the most appropriate audit strategy. A full scope audit was performed for each component included in the consolidation. All audit work was undertaken by the Group audit team. Other information The Directors are responsible for the other information. The other information comprises the information included in the Annual Report and Accounts other than the financial statements and our auditor’s report thereon. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether there is a material misstatement in the financial statements or a material misstatement of the other information. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard. Opinions on other matters prescribed by the Companies Act 2006 In our opinion, based on the work undertaken in the course of the audit: • the information given in the strategic report and the Directors’ report for the financial year for which the financial statements are prepared is consistent with the financial statements; and • the strategic report and the Directors’ report have been prepared in accordance with applicable legal requirements. 46 Corero Network Security plc Annual Report and Accounts 2018Matters on which we are required to report by exception In the light of the knowledge and understanding of the Group and the Parent Company and its environment obtained in the course of the audit, we have not identified material misstatements in the strategic report or the Directors’ report. We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion: • adequate accounting records have not been kept by the Parent Company or returns adequate for our audit have not been received from branches not visited by us; or • the Parent Company financial statements are not in agreement with the accounting records and returns; or • certain disclosures of Directors’ remuneration specified by law are not made; or • we have not received all the information and explanations we require for our audit. Responsibilities of Directors As explained more fully in the Directors’ responsibilities statement set out on page 43, the Directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the Directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the Directors are responsible for assessing the Group’s and the Parent Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the Directors either intend to liquidate the Group or the Parent Company or to cease operations, or have no realistic alternative but to do so. Auditor’s responsibilities for the audit of the financial statements Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. A further description of our responsibilities for the audit of the financial statements is located on the Financial Reporting Council’s website: www.frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report. Use of our report This report is made solely to the Parent Company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the Parent Company’s members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the Parent Company and the Parent Company’s members as a body, for our audit work, for this report, or for the opinions we have formed. Julian Frost (Senior Statutory Auditor) For and on behalf of BDO LLP, Statutory Auditor 55 Baker Street London W1U 7EU United Kingdom 10 April 2019 BDO LLP is a limited liability partnership registered in England and Wales (with registered number OC305127). 47 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial StatementsCONSOLIDATED STATEMENT OF COMPREHENSIVE INCOME for the year ended 31 December 2018 Revenue Cost of sales Gross profit Operating expenses before highlighted items Depreciation and amortisation of intangible assets Operating expenses Operating loss Finance income Finance costs Loss before taxation Taxation Loss for the year Other comprehensive expense Items that will or may be reclassified to profit and loss: Difference on translation of UK functional currency entities Total comprehensive expense for the year Total loss for the year attributable to: Equity holders of the parent Total Total comprehensive expense for the year attributable to: Equity holders of the parent Total Basic and diluted loss per share Basic and diluted loss per share See note 2.5 for details regarding the restatement as a result of a change in accounting policy. The notes on pages 54 to 84 form part of these financial statements. Total 2018 $’000 9,951 (2,188) 7,763 (9,427) (3,300) (12,727) (4,964) 9 (268) (5,223) – Total 2017 Restated $’000 8,531 (2,126) 6,405 (11,993) (2,938) (14,931) (8,526) 5 (4) (8,525) 116 (5,223) (8,409) (711) 805 (5,934) (7,604) (5,223) (5,223) (8,409) (8,409) (5,934) (7,604) (5,934) (7,604) 2018 Cents (1.4) 2017 Restated Cents (3.0) Note 4 9,10,11 6 7 48 Corero Network Security plc Annual Report and Accounts 2018CONSOLIDATED STATEMENT OF FINANCIAL POSITION as at 31 December 2018 Assets Non-current assets Goodwill Acquired intangible assets Capitalised development expenditure Property, plant and equipment Trade and other receivables Current assets Inventories Trade and other receivables Cash and cash equivalents Liabilities Current Liabilities Trade and other payables Borrowings Deferred income Net current assets Non-current liabilities Trade and other payables Borrowings Deferred income Net assets Total equity attributable to owners of the parent Ordinary share capital Capital redemption reserve Share premium Share options reserve Translation reserve Retained earnings Total equity Note 2018 $’000 2017 Restated $’000 8 9 10 11 14 13 14 15 16 18 15 16 18 20 21 8,991 14 6,447 611 227 8,991 37 7,664 770 76 16,290 17,538 125 2,977 8,026 11,128 (1,799) (849) (2,034) (4,682) 6,446 (134) (2,757) (846) (3,737) 94 1,925 1,365 3,384 (1,305) – (1,702) (3,007) 377 – – (287) (287) 18,999 17,628 5,740 7,051 4,556 7,051 79,338 73,239 344 (2,029) (71,445) 18,999 322 (1,318) (66,222) 17,628 See note 2.5 for details regarding the restatement as a result of a change in accounting policy. These financial statements were approved by the Board of Directors on 10 April 2019 and signed on their behalf. Andrew Miller Director The notes on pages 54 to 84 form part of these financial statements. 49 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial StatementsCOMPANY STATEMENT OF FINANCIAL POSITION (Company number 02662978) as at 31 December 2018 Assets Non-current assets Investments in subsidiaries Trade and other receivables Current assets Trade and other receivables Cash and cash equivalents Liabilities Current Liabilities Borrowings Net current assets Non-current liabilities Trade and other payables Borrowings Net assets Equity Ordinary share capital Capital redemption reserve Share premium Share options reserve Translation reserve Retained earnings Total equity Note 2018 $’000 2017 $’000 12 14 14 16 15 16 20 21 25,118 72 21,015 7,043 25,190 28,058 6 7,294 7,300 (849) 6,451 (134) (2,757) (2,891) – 680 680 – 680 – – – 28,750 28,738 5,740 7,051 4,556 7,051 79,338 73,239 344 (12,073) (51,650) 28,750 322 (10,019) (46,411) 28,738 The Company financial statements were prepared in accordance with Financial Reporting Standard 101 Reduced Disclosure Framework. The Company has taken advantage of the following disclosure exemptions: the requirements of IAS 7 Statement of Cash Flows; IFRS 7 Financial Instruments Disclosures; and IAS 24 Related Party Disclosures. The Company has taken advantage of section 408 of the Companies Act 2006 and has not included an income statement in these financial statements. The parent Company’s loss for the year was $5.2 million (2017: $10.5 million). These financial statements were approved by the Board of Directors on 10 April 2019 and signed on their behalf. Andrew Miller Director The notes on pages 54 to 84 form part of these financial statements. 50 Corero Network Security plc Annual Report and Accounts 2018CONSOLIDATED STATEMENT OF CASH FLOWS for the year ended 31 December 2018 Cash flows from operating activities Loss for the year Adjustments for non-cash movements: Amortisation of acquired intangible assets Amortisation of capitalised development expenditure Depreciation Finance income Finance expense Taxation Qualifying research and development expenditure tax credit Share-based payment charge Decrease in inventories and as-a-service assets Increase in trade and other receivables Increase/(decrease) in payables Net cash used in operating activities Cash flows from investing activities Purchase of intangible assets Capitalised development expenditure Purchase of property, plant and equipment Net cash used in investing activities Cash flows from financing activities Net proceeds from issue of ordinary share capital after costs of $232,000 Finance income Finance expense Net proceeds from borrowings after costs of $143,000 Net cash generated from financing activities Effects of exchange rates on cash and cash equivalents Net increase/(decrease) in cash and cash equivalents Cash and cash equivalents at 1 January Cash and cash equivalents at 31 December See note 2.5 for details regarding the restatement as a result of a change in accounting policy. The notes on pages 54 to 84 form part of these financial statements. Group 2018 $’000 (5,223) 2017 Restated $’000 (8,409) Note 9 10 11 6 25 9 10 11 21 16 23 2,918 483 (9) 268 – – 22 100 (701) 293 55 2,408 548 (5) 4 (116) 116 21 127 (592) (201) (1,826) (6,044) – (1,701) (459) (2,160) 7,283 9 (222) 3,938 11,008 (361) 6,661 1,365 8,026 (10) (2,171) (497) (2,678) 6,995 5 (4) – 6,996 151 (1,575) 2,940 1,365 51 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial StatementsCONSOLIDATED STATEMENT OF CHANGES IN EQUITY for the year ended 31 December 2018 Share capital $’000 Capital redemption reserve $’000 Share premium account $’000 Share options reserve $’000 Translation reserve $’000 Retained earnings $’000 Total attributable to equity holders of the parent $’000 1 January 2017 (as previously stated) 3,119 7,051 67,681 Prior year adjustment – IFRS 15 Revenue from Contracts with Customers 1 January 2017 (as restated) Loss for the year Other comprehensive income Total comprehensive expense for the year (as restated) Contributions by and distributions to owners Share-based payments Issue of share capital Total contributions by and distributions to owners 31 December 2017 and 1 January 2018 (as restated) Loss for the year Other comprehensive loss Total comprehensive expense for the year Contributions by and distributions to owners Share-based payments Issue of share capital Total contributions by and distributions to owners 31 December 2018 – 3,119 – 7,051 – 67,681 – – – – 1,437 1,437 – – – – – – – – – – 5,558 5,558 301 – 301 – – – 21 – 21 – – – – 1,184 1,184 5,740 – – – – – – 7,051 – – – – 6,099 6,099 79,338 – – – 22 – 22 344 (2,123) (57,813) 18,216 – 164 (2,123) (57,649) – 805 (8,573) – 164 18,380 (8,573) 805 805 (8,573) (7,768) – – – – – – – (711) (5,223) – 21 6,995 7,016 17,628 (5,223) (711) (711) (5,223) (5,934) – – – – – – (2,029) (71,445) 22 7,283 7,305 18,999 4,556 7,051 73,239 322 (1,318) (66,222) See note 2.5 for details regarding the restatement as a result of a change in accounting policy. The share capital comprises the nominal values of all shares issued. The capital redemption reserve comprises the amount transferred from deferred shares on redemption of the deferred shares. The share premium account comprises the amounts subscribed for share capital in excess of the nominal value, net of issuance costs. The share options reserve represents the cost to the Group of share options. The translation reserve arises on retranslating the net assets of UK operations into US dollars. The retained earnings are all other net gains and losses and transactions with owners not recognised elsewhere. The notes on pages 54 to 84 form part of these financial statements. 52 Corero Network Security plc Annual Report and Accounts 2018Capital redemption reserve $’000 Share premium account $’000 Share options reserve $’000 Translation reserve $’000 Retained earnings $’000 7,051 67,681 301 (13,157) Total equity $’000 29,050 (10,466) 3,138 – 3,138 (35,945) (10,466) – COMPANY STATEMENT OF CHANGES IN EQUITY for the year ended 31 December 2018 1 January 2017 Loss for the year Other comprehensive income Total comprehensive expense for the year Contributions by and distributions to owners Share-based payments Issue of share capital Total contributions by and distributions to owners 31 December 2017 Opening adjustment – IFRS 9 Financial Instruments 1 January 2018 Loss for the year Other comprehensive loss Total comprehensive expense for the year Contributions by and distributions to owners Share-based payments Issue of share capital Total contributions by and distributions to owners 31 December 2018 Share capital $’000 3,119 – – – – 1,437 1,437 4,556 – 4,556 – – – – 1,184 1,184 5,740 – – – – – – 7,051 – 7,051 – – – – – – 7,051 – – – – 5,558 5,558 73,239 – 73,239 – – – – 6,099 6,099 79,338 – – – 21 – 21 322 – 322 – – – 22 – 22 344 The notes on pages 54 to 84 form part of these financial statements. 3,138 (10,466) (7,328) – – – – – – (10,019) (46,411) – (10,019) – (2,054) (1,745) (48,156) (3,494) – 21 6,995 7,016 28,738 (1,745) 26,993 (3,494) (2,054) (2,054) (3,494) (5,548) – – – – – – (12,073) (51,650) 22 7,283 7,305 28,750 53 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial StatementsNOTES TO THE FINANCIAL STATEMENTS 1. General information Presentation currency These consolidated financial statements are presented in US dollars (“$”) which represents the presentation currency of the Group. The average $-GBP sterling (“GBP”) exchange rate, used for the conversion of the Statement of Comprehensive Income, for the 12 months ended 31 December 2018 was 1.33 (2017: 1.29). The closing $-GBP exchange rate, used for the conversion of the Group’s assets and liabilities, at 31 December 2018 was 1.28 (2017: 1.35). Corero Network Security plc is a public limited company incorporated in the United Kingdom under the Companies Act 2006 and registered in England and Wales. The functional currency of the Company is GBP. 2. Significant accounting policies 2.1 Basis of preparation The Group financial statements have been prepared in accordance with EU endorsed International Financial Reporting Standards (“IFRS”), International Financial Reporting Interpretations Committee (“IFRIC”) interpretations and those parts of the Companies Act 2006 applicable to companies reporting under IFRS. The parent Company financial statements have been prepared in accordance with FRS 101 (Financial Reporting Standard 101) ‘Reduced Disclosure Framework’. New Standards impacting the Group that have been adopted in the annual financial statements for the year ended 31 December 2018, and which give rise to a change in the Group’s accounting policies are: • IFRS 9 Financial Instruments; and • IFRS 15 Revenue from Contracts with Customers. 2.2 Going Concern The financial statements have been prepared on a going concern basis. The Directors have prepared detailed income statement, balance sheet and cash flow projections for the period to 31 December 2020. The cash flow projections have been subjected to sensitivity analysis at the revenue, cost and combined revenue and cost levels. The cash flow projections show that the Group and Company will maintain a positive cash balance until at least December 2020. In addition, the projections and sensitivity analyses confirm that the bank loan covenants will be met for a period of at least 12 months from the date of approval of these financial statements. On this basis, the Directors have therefore concluded that it is appropriate to prepare the financial statements on a going concern basis. However, the ability of the Company and Group to achieve the future profit and cash flow projections cannot be predicted with certainty. Failure of the Company and the Group to meet these projections and deliver revenue growth may adversely impact the achievability of the bank loan covenants which may result in the bank loan being required to be repaid before the maturity date if the revenue covenants are not met and cannot be renegotiated. This would adversely impact the Company and the Group’s working capital position and would require the Company to raise additional funding, with no guarantee such funding would be secured. Taken together, the achievability of the projections and availability of additional funding if required indicate a material uncertainty that may cast significant doubt on the Company and the Group’s ability to continue as a going concern for the foreseeable future. The financial statements do not include the adjustments that would result if the Group and Company was unable to continue as a going concern. 2.3 Basis of consolidation The consolidated financial statements incorporate the results, assets, liabilities and cash flows of the Company and each of its subsidiaries for the financial year ended 31 December 2018. Subsidiaries are entities controlled by the Group. Control is deemed to exist when the Group has all of the following elements: a) power over the subsidiary, b) exposure or rights to variable returns from that subsidiary, c) ability to use its power to affect the amount of the return from the subsidiary. The results, assets, liabilities and cash flows of subsidiaries are included in the consolidated financial statements from the date control commences until the date that control ceases. Where necessary, adjustments are made to the financial statements of subsidiaries to bring the accounting policies used into line with those used by the Group. Intra-group balances and transactions are eliminated on consolidation. 54 Corero Network Security plc Annual Report and Accounts 20182.4 Business combinations The acquisition method is used to account for all acquisitions. The cost of an acquisition is measured at the fair values, on the date of acquisition, of assets given, liabilities incurred or assumed, and equity instruments issued. At the date of acquisition, the identifiable assets and liabilities and contingent liabilities of a subsidiary are measured at their fair values. Any excess of the cost of acquisition over the fair values of the identifiable net assets acquired is recognised as goodwill. 2.5 Revenue The Group’s revenue is derived from the following products and services: • Hardware and perpetual software licenses; • Support services for a defined term; • Installation and training services; • DDoS protection as-a-service (“DDPaaS”) for a defined term; • SecureWatch Managed Service (enhanced security monitoring services) for a defined term; and • Software subscription licenses for a defined term. The element of DDPaaS revenues pertaining to the lease of as-a-service assets is included in reported revenues and is recognised on a straight line basis over the term of the contract. Performance obligations, timing of revenue recognition and revenue recognition Revenue is recognised when control of the goods (hardware and software) transfer to the customer and services are delivered. Goods are shipped free on board (“FOB”) from Corero, or Corero’s contract manufacturer, to the customer. The point of transfer of control for hardware is at the point of FOB shipment to the customer and for software at the point of electronic transfer to the customer. Revenue recognised on transfer of control of hardware and software products Hardware, perpetual software licenses and software subscription licenses Revenue recognised over-time (over the term of the contract) Support, DDPaaS and SecureWatch Managed services Revenue recognised once the service has been delivered Installation and training services Determining the transaction price The contract price is determined by reference to the Corero Sales Quotation or DDPaaS Agreement and is a fixed price. Certain DDPaaS contracts have an element of the transaction value or all of the transaction value determined by reference to a share of the customers’ revenue generated from the Corero solution (“Revenue Share”). This Revenue Share revenue is recognised when the Revenue Share is determined or can be reasonably estimated. Corero does not have any other variable consideration payable by the customer and does not pay any consideration to the customer. There is no provision for purchase price adjustments, right of return or price concessions. Allocating amounts to performance obligations For contracts containing only a single performance obligation (annual support services, DDPaaS and SecureWatch Managed Service) there is no requirement to make an allocation of the contract price. For contracts containing multiple products, the transaction price is allocated to the separate performance obligations based on relative stand-alone selling prices (“SSP”). SSP equates to the historic best estimated selling price methodology previously applied consistently by Corero in prior year financial statements. The SSP is determined using defined price lists and historic customer discount rates. 55 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements2. Significant accounting policies continued Incremental costs of obtaining a contract Sales commission paid to Corero sales employees is an incremental cost of obtaining a contract. Sales commission relating to the support revenue from a new sales contract is recorded in prepayments and amortised over five years. Corero has considered the requirements of the IFRS15 standard with regards to the amortisation period which requires amortisation on a systematic basis that is consistent with the transfer to the customer of the goods or services to which the asset relates. The expectation, supported by historic evidence, is that customers will generally renew their support contracts for more than three years with the additional expectation of follow-on hardware and software (and associated services) business from a significant number of existing customers. Based on this, Corero has assessed that a reasonable period for capitalised sales commission to be amortised is five years. Periodic customer reviews will be undertaken to ascertain if there is any evidence that the value of the customer relationship has been negatively impacted, in which case the prepayment will be appropriately written down. Applying the practical expedient, Corero recognises the incremental costs of obtaining contracts as an expense when incurred if the amortisation period of the prepayment that Corero otherwise would have recognised is one year or less. Fulfilment costs Corero’s principal fulfilment costs relate to the costs of the Corero customer support team which delivers the customer support services, DDPaaS services and the SecureWatch Managed services. These costs are not separately allocated or identifiable against specific customers. Therefore, these costs are recognised in the period in which they are incurred. The Group chose to adopt IFRS15 on a fully retrospective basis. After reviewing the requirements of IFRS15, Corero has concluded that no restatement to previously recognised revenue was required and there was no requirement to amend existing contract liabilities. None of the practical expedients relating to contracts with customers were therefore required to be applied. The impact of adopting IFRS15 on a fully retrospective basis for the capitalisation and amortisation of sales commission was to reduce the operating expenditure/loss for the relevant reporting periods and increase trade and other receivables (prepayments). The capitalised sales commission balance at 31 December 2018 was $211,000 (2017: $164,000). The amortisation of sales commission was $50,000 in the 12 months ended 31 December 2018 (2017: $21,000). Contract assets and liabilities Contract assets arise when goods and services have been delivered and invoiced but payment is not yet due. Contract liabilities arise for future delivery of services which have been invoiced and payment is due. Contract liabilities are shown as deferred income in the Statement of Financial Position. 2.6 Government grants Government grants are recognised at fair value when there is reasonable assurance that the Group will comply with the conditions attaching to them and the grant will be received. Grants related to purchase of assets are treated as deferred income and allocated to the Statement of Comprehensive Income over the useful lives of the related assets while grants related to expenses are netted off against the related item of expenditure in the Statement of Comprehensive Income – Profit and Loss. 2.7 Cost of sales Cost of sales includes all direct costs associated with revenue generation, including goods directly related to revenue, services delivery, operation costs, DDoS as-a-service depreciation and amounts charged by external third parties for services. Examples of such costs would include third party hardware costs and third party software license costs. 2.8 Foreign currencies Transactions in foreign currencies are translated at the exchange rate ruling at the date of each transaction. Foreign currency monetary assets and liabilities are retranslated using the exchange rates at the reporting date. Gains and losses arising from changes in exchange rates after the date of the transaction are recognised in profit or loss in the Statement of Comprehensive Income. Non-monetary assets and liabilities that are measured in terms of historical cost in a foreign currency are translated at the exchange rate at the date of the original transaction. In the consolidated financial statements, the net assets of the Group’s UK operations are translated from GBP into US dollars at the exchange rate at the reporting date. Income and expense items are translated into US dollars at the average exchange rates for the period. The resulting exchange differences are recognised in the translation reserve. 56 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 20182.9 Intangible assets Internally generated intangible assets The Group’s internally generated intangible asset relates to its development expenditure. Development expenditure is capitalised only when it is probable that future economic benefit will result from the project and the following criteria are met: • the technical feasibility of the product has been ascertained; • adequate technical, financial and other resources are available to complete and sell or use the intangible asset; • the Group can demonstrate how the intangible asset will generate future economic benefits and the ability to use or sell the intangible asset can be demonstrated; • it is the intention of management to complete the intangible asset and use it or sell it; and • the development costs can be measured reliably. Expenditure not meeting these criteria is expensed in the Statement of Comprehensive Income – Profit and Loss. After initial recognition, internally generated intangible assets are carried at cost less accumulated amortisation and any impairment losses. Amortisation is charged once the asset is capable of generating economic benefits. Acquired intangible assets Identifiable intangible assets acquired as part of a business combination are initially recognised separately from goodwill, irrespective of whether the assets have been recognised by the acquiree before the business combination. An intangible asset is considered identifiable only if it is separable or if it arises from contractual or other legal rights, regardless of whether those rights are transferable or separable from the entity or from other rights and obligations. Intangible assets acquired as part of a business combination and recognised by the Group are computer software and customer relationships. Purchased computer software is carried at cost less accumulated amortisation and any impairment losses. Customer contracts and the related customer relationships are carried at cost less accumulated amortisation and any impairment losses. Amortisation Intangible assets are amortised on a straight line basis to reduce their carrying value to zero over their estimated useful lives. The following useful lives were applied during the year: • Computer software acquired – 3 years straight line • Capitalised development expenditure – 5 years straight line Amortisation costs are included within operating expenses in the Statement of Comprehensive Income. Methods of amortisation and useful lives are reviewed, and if necessary adjusted, at each reporting date. 2.10 Property, plant and equipment Depreciation commences when an asset is available for use. Depreciation is calculated so as to write off the cost or value of an asset, net of anticipated disposal proceeds, over the useful life of that asset as follows: • Leasehold improvements – period of the lease (straight line) • Computer equipment, evaluation assets and DDoS protection as-a-service assets – 3 years (straight line) • Fixtures and fittings – 5 years (straight line) Property, plant and equipment is stated at cost less accumulated depreciation and any impairment losses. Cost comprises the purchase cost of property, plant and equipment together with any directly attributable costs. Evaluation assets are used by customers during proof of concept trials. Evaluation assets are stated at cost less accumulated depreciation. When an evaluation asset is retained by a customer as part of a sale, the net book value of the evaluation asset is charged to cost of sales. Depreciation of DDoS protection as-a-service assets is charged to cost of sales. 57 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements2. Significant accounting policies continued Subsequent costs are included in an asset carrying value or are recognised as a separate asset when it is probable that future economic benefits associated with the additional expenditure will flow to the Group and the cost of the item can be measured reliably. All other costs are charged to the Statement of Comprehensive Income – Profit and Loss as incurred. Methods of depreciation, residual values and useful lives are reviewed, and if necessary adjusted, at each balance sheet date. The gain or loss arising from the disposal or retirement of an item of property, plant and equipment is determined as the difference between the net disposal proceeds and the carrying amount of the item and included in the Statement of Comprehensive Income – Profit and Loss. 2.11 Inventory Inventory is stated at the lower of cost or net realisable value. Cost is computed using standard cost, which approximates actual cost, on a first-in, first-out basis. Rapid technological change and new product introductions and enhancements could result in excess or obsolete inventory, the value of which may not be recoverable. To minimise this risk, the Group evaluates inventory levels and expected usage on a periodic basis and records valuation allowances as required. 2.12 Impairment At each reporting date, the Group assesses whether there is any indication that its assets have been impaired. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of any impairment. If it is not possible to estimate the recoverable amount of the individual asset, the recoverable amount of the cash-generating unit ("CGU") to which the asset belongs is determined. The recoverable amount of an asset or a CGU is the higher of its fair value less costs to sell and its value in use. The recoverable amount is calculated using the present value of the future cash flows expected to be derived from an asset or CGU. This present value is derived using a cost of capital rate that reflects current market assessments of the time value of money and of the risks specific to the asset for which future cash flow estimates have not been adjusted. If the recoverable amount of an asset is less than its carrying amount, the carrying amount of the asset or CGU is reduced to its recoverable amount. That reduction is recognised as an impairment loss. An impairment loss relating to assets carried at cost less any accumulated depreciation or amortisation is recognised immediately in the Statement of Comprehensive Income – Profit and Loss. Goodwill acquired in a business combination is, from the acquisition date, allocated to each of the CGU's or groups of CGU's that are expected to benefit from the synergies of the combination. Goodwill is tested for impairment at least annually, and whenever there is an indication that the asset may be impaired. An impairment loss is recognised for CGU's if the recoverable amount of the CGU is less than the carrying amount of the CGU. The impairment loss is allocated to reduce the carrying amount of the assets of the CGU by first reducing the carrying amount of any goodwill allocated to the CGU, and then reducing the carrying amounts of the other assets of the CGU pro rata. If an impairment loss subsequently reverses, the carrying amount of the asset or CGU is increased to the revised estimate of its recoverable amount but limited to the carrying amount that would have been determined had no impairment loss been recognised in prior years. A reversal of an impairment loss is recognised in the Statement of Comprehensive Income – Profit and Loss. Impairment losses on goodwill are not subsequently reversed. 2.13 Leases Where substantially all of the risks and rewards incidental to ownership of a leased asset are transferred to the Company (a “finance lease”), the asset is treated as if it had been purchased outright. The amount initially recognised as an asset is the lower of the fair value of the leased asset and the present value of the minimum lease payments payable over the term of the lease. The corresponding lease commitment is shown as a liability. Lease payments are analysed between capital and interest. The interest element is charged to the Statement of Comprehensive Income – Profit and Loss over the period of the lease and is calculated so that it represents a constant proportion of the lease liability. The capital element reduces the balance owed to the lessor. 58 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 2018Where substantially all of the risks and rewards incidental to ownership are not transferred to the Company (an “operating lease”), the total rentals payable under the lease are charged to the Statement of Comprehensive Income – Profit and Loss on a straight-line basis over the lease term. The aggregate benefit of lease incentives are recognised as a reduction of the rental expense over the lease term on a straight-line basis. Amounts receivable under DDPaaS agreements in relation to as-a-service assets are recognised as revenue as explained in note 2.5. 2.14 Investments in subsidiaries In the Company’s separate financial statements, investments in subsidiaries are carried at cost less any impairment provisions. 2.15 Taxation The tax expense represents the sum of current tax and deferred tax. Current tax Current tax is based on taxable profit for the year and is calculated using tax rates enacted or substantively enacted at the reporting date. Taxable profit differs from accounting profit either because items are taxable or deductible in periods different to those in which they are recognised in the financial statements, or because they are never taxable or deductible. Deferred tax Deferred tax on temporary differences at the reporting date between the tax bases of assets and liabilities and their carrying amounts for financial reporting purposes is accounted for using the balance sheet liability method. Using the balance sheet liability method, deferred tax liabilities are recognised in full for all taxable temporary differences and deferred tax assets are recognised to the extent that it is probable that taxable profits will be available against which deductible temporary differences can be utilised. However, if the temporary difference arises from the initial recognition of goodwill or the initial recognition of an asset or liability in a transaction other than a business combination, that at the time of the transaction affects neither accounting nor taxable profit, it is not recognised as deferred tax asset or liability. Deferred taxation is measured at the tax rates that are expected to apply when the asset is realised, or the liability settled, based on tax rates and laws enacted or substantively enacted at the reporting date. 2.16 Provisions A provision is recognised when, as a result of a past event, the Group has a legal or constructive obligation, it is probable that an outflow of resources embodying economic benefits will be required to settle the obligation and a reliable estimate of the amount of such an obligation can be made. Provisions are measured at the best estimate of the expenditure required to settle the obligation at the reporting date. When the effect is material, the expected future cash flows required to settle the obligation are discounted at the pre-tax rate that reflects the current market assessments of the time value of money and the risks specific to the obligation. 2.17 Post-retirement benefits The Group makes contributions in respect of certain employees to defined contribution pension plans under which it is required to pay fixed contributions to group and personal pension funds. Contributions to the schemes are based on a proportion of the employees’ earnings and are charged to the Statement of Comprehensive Income – Profit and Loss when incurred. The Group has no obligation beyond these contributions. 2.18 Financial instruments The Group classifies financial instruments, or their component parts, on initial recognition as a financial asset, a financial liability or an equity instrument in accordance with the substance of the contractual arrangement. Financial assets and financial liabilities are recognised in the Group’s Statement of Financial Position when the Group becomes party to the contractual provisions of the instrument. The modified retrospective basis has been used for the application of IFRS 9. 59 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements2. Significant accounting policies continued The particular recognition and measurement methods adopted for the Group’s financial instruments are disclosed below: Trade and other receivables Trade and other receivables are stated at their fair value at time of initial recognition, reflecting, where material, the time value of money. A provision for impairment of trade receivables is established when there is evidence that the Group will not be able to collect all amounts due. The simplified approach is used for assessing the expected credit loss on trade receivables, requiring the lifetime expected credit loss to be recorded as the provision for impairment. An impairment provision is recorded against the loan note instrument between the Company and Corero Network Security, Inc based on calculating the risk adjusted carrying value of the loan to take account of the credit loss which is expected to arise over the period until the cash is realised. In situations where the loan amount is expected to be recovered, the expected credit loss is limited to the effect of discounting the loan over the period until repayment is realised at the effective interest rate. Cash and cash equivalents Cash and cash equivalents include cash in hand and deposits on call with banks. Trade and other payables Trade and other payables are not interest bearing and are stated at their fair value at time of initial recognition. Thereafter they are accounted for at amortised cost. Debt obligations Debt obligations include interest bearing bank borrowings which are stated at their fair value at time of initial recognition. 2.19 Equity instruments An equity instrument is any contract that evidences a residual interest in the assets of the Company after deducting all its liabilities. Equity instruments issued by the Company are recorded at the proceeds received, net of directly attributable issue costs. 2.20 Employee share option schemes The Group operates an equity-settled share-based compensation plan. The fair value of the employees’ services received in exchange for the grant of share options is measured at grant date and recognised as an expense on a straight line basis over the vesting period, based on the Group’s estimate of shares that will eventually vest. Fair value is determined by reference to the Black-Scholes option pricing model. If an option grant is cancelled the previously recorded expense is credited to the Statement of Comprehensive Income - Profit and Loss. At each reporting date, the Group revises its estimate of the number of options that are expected to become exercisable. When share options are exercised, the proceeds received, net of any transaction costs, are credited to share capital (nominal value) and share premium. 2.21 Standards and Interpretations not yet effective There are a number of standards, amendments to standards, and interpretations which have been issued that are effective in future accounting periods that the Group has decided not to adopt early. The most significant of these is: IFRS 16 – Leases. Effective for periods beginning on or after 1 January 2019. The adoption of IFRS16 will result in the Group recognising right-of-use assets and lease liabilities for all contracts that are, or contain, a lease. For leases currently classified as operating leases, under current accounting requirements the Group does not recognise related assets or liabilities, and instead spreads the lease payments on a straight-line basis over the lease term, disclosing the total future commitment. The Group will apply the modified retrospective adoption method under IFRS16, and, therefore will recognise leases on balance sheet as at 1 January 2019. In addition, the right-of-use assets measure will be determined by reference to the lease liability on that date. The Group will use the practical expedient not to recognise leases whose term ends within 12 months of the initial application (1 January 2019) and account for these leases as a short-term lease. For the Group’s one applicable lease at 31 December 2018, an office premises lease, it is anticipated a right-of-use asset and lease liability of approximately $76,000 will be recognised on 1 January 2019. Instead of recognising an operating expense for its applicable operating lease payments, the Group will recognise interest on its lease liabilities and amortisation on its right-of-use assets. For the applicable lease, the application of IFRS 16 will reduce the 2019 operating expenses by $31,000 and increase the interest charge by $3,000. The Group does not expect any other standards issued by the IASB, but not yet effective, to have a material impact on the Group. 60 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 20183. Critical accounting judgements and key sources of estimation uncertainty 3.1 Critical judgements in applying the Group’s accounting policies In the process of applying the Group accounting policies, the following judgements have had a significant effect on the amounts recognised in the financial statements: Internally generated research and development costs Management monitors progress of internal research and development projects. Judgement is required in distinguishing the research phase from the development phase. Development costs are recognised as an asset when all criteria are met and a project has passed the feasibility phase, whereas research costs are expensed as incurred. Management monitors whether the recognition requirements for development costs continue to be met. This is necessary as the economic success of any product development is uncertain. 3.2 Key accounting estimates and assumptions Key assumptions concerning the future and other key sources of estimation uncertainty that have a significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next financial year are as follows: Impairment of intangible assets and property, plant and equipment The Group tests goodwill at least annually for impairment, and whenever there is an indication that the asset may be impaired. All other intangible assets and property, plant and equipment are tested for impairment when indicators of impairment exist. Impairment is determined with reference to the higher of fair value less costs to sell and value in use. Fair value less costs to sell is estimated using discounted future cash flows. Significant assumptions are made in estimating future cash flows about future events including future market conditions, future growth rates and appropriate discount rates. Changes in these assumptions could affect the outcome of impairment reviews. Details of the main assumptions used in the assessment of the carrying value of the Group’s CGU are set out in note 8. Impairment of investments (applies to the Company financial statements only) The Directors have reviewed the cost of investments in subsidiaries of the Company with reference to current and future trading conditions. The investment in subsidiaries has been reviewed with reference to a valuation based on a discounted free cash flow, in conjunction with the goodwill impairment review, which the Directors consider to be an appropriate valuation methodology. Going concern The Directors have reviewed the future profit and cash flow projections in conjunction with the current economic climate in order to express an opinion on the adequacy of working capital and the ability to continue as a going concern for the foreseeable future. The methodology contained in the projections is detailed in the note 2.2. Standalone Selling Price – Revenue recognition On a quarterly basis the Group analyses the selling prices for each deal compared to the current Standalone Selling Price (“SSP”). This analysis includes grouping similar deals based on qualitative factors such as customer profile, size, and region, together with a quantitative comparison to the then current SSP. SSP fair value prices are adjusted for future quarters if management identifies a pattern of variances of greater than 10% between actual selling prices and the then current SSP. 61 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements4. Segment reporting Business segments The Group is managed according to one business unit, Corero Network Security, which makes up the Group’s reportable operating segment. This business unit forms the basis on which the Group reports its primary segment information to the Board, which management consider to be the Chief Operating Decision maker for the purposes of IFRS 8 Operating Segments. The Group’s revenues from external customers and its non-current assets are divided into the following countries: USA UK Germany Switzerland Other European countries Australia Ireland APAC Rest of World Total 2018 Revenue $’000 2018 Non-current assets $’000 5,372 2,526 390 440 237 523 119 190 154 16,060 230 – – – – – – – 2017 Revenue $’000 5,660 1,866 2017 Non-current assets $’000 17,360 178 43 224 329 395 – – 14 – – – – – – – 9,951 16,290 8,531 17,538 Revenues from external customers are identified on the basis of invoicing systems and adjusted to take into account the difference between invoiced amounts and deferred revenue adjustments required by IFRS. An international SaaS customer, the Group’s largest customer, accounted for 14% of 2018 revenue (2017: 14%). The revenue is analysed as follows for each revenue category: Hardware and licence revenue DDoS protection as-a-service revenue Maintenance and support services revenue Total The revenue is analysed by timing of delivery of goods or services as: Point in time delivery Over time Total 2018 $’000 4,866 819 4,266 9,951 2018 $’000 4,866 5,085 9,951 2017 $’000 4,510 323 3,698 8,531 2017 $’000 4,510 4,021 8,531 No unsatisfied performance obligations arise except from those revenues which are recognised over time. See note 18 for further details. The as-a-service assets element of DDoS protection as-a service revenues arise under operating lease arrangements. 62 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 2018Contract balances At 1 January Transfers in the period from trade receivables Amounts included in contract liabilities that were recognised as revenue in the period from the opening balance Amounts included in contract liabilities that were recognised as revenue from amounts invoiced in the period Amounts invoiced in the period and not recognised as revenue in the period At 31 December Company Contract assets Contract liabilities 2018 $’000 764 596 2017 $’000 601 163 – – – – – – 1,360 764 2018 $’000 1,989 – 2017 $’000 2,917 – (1,702) (2,062) (3,383) (1,959) 5,976 2,880 3,093 1,989 The Company has no contract assets or liabilities (2017: $nil). 5. Loss for the year The following items have been included in arriving at the Group loss for the year before taxation: DDoS protection as-a-service asset depreciation Unrealised (gain)/loss on intercompany loan Development expenditure not capitalised Amortisation of acquired intangible assets (note 9) Amortisation of capitalised development expenditure (note 10) Depreciation of property, plant and equipment (note 11) Operating lease rentals payable Auditor’s remuneration Remuneration received by the Company’s auditor for the audit of these Financial Statements The audit of the financial statements of other group companies Fees payable to the Company’s auditor for corporate services Fees payable to the Company’s auditor for taxation compliance services Fees payable to the Company’s auditor for taxation advisory services 2018 $’000 124 (425) 853 23 2,918 483 308 2017 $’000 74 627 1,486 55 2,408 548 319 2018 $’000 2017 $’000 80 29 2 30 6 147 84 23 8 27 3 145 63 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements6. Tax on loss on ordinary activities Current tax credit Total 2018 $’000 – – 2017 $’000 116 116 The tax assessed on the loss on ordinary activities for the year differs from the weighted average UK corporate rate of tax of 19.0% (2017: 19.25%). The differences are reconciled below: Total tax reconciliation Loss before taxation Theoretical tax credit at UK Corporation tax rate 19.0% (2017: 19.25%) Effect of: – expenditure that is not tax deductible – R&D tax credits – accelerated capital allowances – other timing differences – losses not utilised Actual taxation credit (5,223) (992) (8,689) (1,673) 241 – (10) (1) 762 – 53 116 (15) 1 1,634 116 Factors affecting future tax charges As at 31 December 2018, the Group’s cumulative fixed asset timing differences were $394,000 (2017: $426,000) and no deferred tax asset has been recognised in respect of these items. In addition, the tax losses at that date amounted to $85.4 million (2017: $82.0 million). This comprised UK tax losses of $12.1 million and US tax losses of $73.3 million. $9.0 million of the tax losses relate to pre-acquisition US tax losses which can be offset against taxable profits over 15 years (there is a limit on the utilisation of pre-acquisition tax losses of $0.7 million per annum and any unused loss may be carried forward to subsequent periods). All other US tax losses expire 20 years from the end of the accounting period in which the loss arose. UK tax losses do not expire. Deferred tax assets of $2.0 million (2017: $2.1 million) relating to the UK tax losses (applying a tax rate of 17.0%) and the deferred tax assets of $15.5 million (2017: $14.6 million) relating to the US tax losses and taxable temporary fixed asset differences (applying a tax rate of 21.0%) have not been recognised due to uncertainties as to the extent and timing of their future recovery. 7. Loss per share Loss per share is calculated by dividing the earnings attributable to ordinary shareholders of the Company by the weighted average number of ordinary shares in issue during the year. The effects of anti-dilutive ordinary shares resulting from the exercise of share options are excluded from the calculation of the loss per share. Therefore, the diluted loss per share is equal to the loss per share. 2018 weighted average number of 1p shares Thousand 362,684 2018 loss $’000 (5,223) 2018 loss per share Cents 2017 Restated loss $’000 2017 weighted average number of 1p shares Thousand 2017 Restated loss per share Cents (1.4) (8,409) 280,130 (3.0) Basic and diluted loss per share 64 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 20188. Goodwill Group Cost At 1 January 2017 At 31 December 2017 At 31 December 2018 Impairment At 1 January 2017 At 31 December 2017 At 31 December 2018 Carrying amount At 31 December 2018 At 31 December 2017 At 1 January 2017 $’000 17,983 17,983 17,983 (8,992) (8,992) (8,992) 8,991 8,991 8,991 Goodwill is tested at least annually for impairment and whenever there are indications that goodwill might be impaired. Goodwill is allocated to the Group’s single CGU, Corero Network Security (“CNS”). The recoverable amount for the CNS CGU was determined based on a discounted cash flow calculation to calculate fair values less costs to sell using cash flow projections over a 10 year period (2017: 10 year period). The discounted cash flow approach is a level 3 fair value calculation in the IFRS 13 fair value hierarchy. The key assumptions for the discounted cash flow calculation are those regarding revenue growth and discount rates as summarised in the table below and commented on below: Forecast cash flow period Extrapolated cash flow period Cumulative annual growth rate (“CAGR”) for revenue used for the forecast/extrapolated periods Average annual revenue growth rates used for the forecast/extrapolated periods: Year 1–2 (forecast period) Years 3–5 (extrapolated period) Years 6–10 (extrapolated period) Revenue growth rate used beyond the extrapolated period Discount rate 2018 2017 Years 1–2 Years 1–2 Years 3–10 Years 3–10 16.4% 17.8% 28.1% 24.9% 7.4% 2.5% 14.4% 36.1% 24.9% 7.4% 2.5% 17.7% The pre-tax cash flows for the forecast period are derived from the most recent financial budget for the year ending 31 December 2019 and the plan for the year ending 31 December 2020 approved by the Board, with a downward revenue adjustment reflecting prior year experience (37.5% applied to the 2019 budget and 50% to the 2020 plan). The extrapolation for the period 2021 to 2028 is based on management estimates (with the key assumptions set out below). The future pre-tax cash flows are discounted by a WACC of 14.4% (2017: 17.7%). 65 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements8. Goodwill continued The key assumptions underlying the cash flow projections and which the recoverable amount is most sensitive to are (i) the revenue growth rates forecast and extrapolated for the period 2019 to 2023 (ii) and the discount rate. The cash flow forecasts assume a CAGR revenue growth of 26.2% in the period 2018 to 2023 (28.1% for the period 2018 to 2020) and 7.4% for the period 2023 to 2028 (a CAGR of 16.4% for 10-year forecast extrapolated period). These revenue growth rates reflect a downward revenue adjustment of 37.5% applied to the CNS 2019 budget revenues and 50% applied to the 2020 plan revenues (and a corresponding reduction of 18.75% in 2019 operating costs and capital expenditure, and 20% in 2020 operating costs and capital expenditure) reflecting prior year experience. The management of the Group believe these growth rates are appropriate for the forecasts given the progress the business made in 2018, the strategy for 2019 which is focused on scaling the business for profitability through a three-pronged go-to-market focus (direct sales, indirect channel sales, and go-to-market partner sales from partners such as Juniper) and the planned investment in sales and marketing. This strategy is expected to deliver a step change in revenue in the forecast period. The assumed growth rates are supported by the fact that the IT security market is forecast to grow strongly for the foreseeable future. • The DDoS appliance market is expected to reach $1.45bn by 2022 (Source: IHS Markit technology research – DDoS Prevention Appliances Worldwide, Biannual Market Tracker H2 2018 (published 19 November 2018)) – a CAGR of 11.0% in the period 2017 to 2022. • According to IDC (one of the leading global IT analyst firms), the global spending on security-related hardware, software and services is forecast to grow to $133.7bn in 2022 (a CAGR of 9.9% over the 2017-2022 forecast period). (Source: IDC Update to Worldwide Semi- annual Security Spending Guide published 4 October 2018). The above market growth rates used in the future cash flow assumptions reflect that CNS is in the early stages of the commercial exploitation of its intellectual property. In addition, the business’ strategy is to continue to develop its product and solution offerings to remain a market leader in its chosen markets thereby providing the opportunity to generate above market average growth rates. The growth rate assumed in the period beyond the 10-year extrapolation period of 2.5% is considered reasonable as historically IT spend has exceeded GDP growth. The discount rate is based on a cost of equity using the Capital Asset Pricing Model with the key inputs being a risk-free interest rate estimate of 2.68% (based on 10-year US government bonds) (2017: 2.48%), comparable company betas, an equity risk premium of 7.4% (2017: 7.4%), and small company risk premium of 4.5% (2017: 4.5%). The WACC has been assessed based on that fact that the Company had debt at 31 December 2018 of $3.8 million. The WACC used in the valuation reflects current market assessments of the time value of money and the risks specific to CNS. As stated above, the valuation to support the value in use of the CNS CGU is highly sensitive to changes in cash flow forecasts and discount rate assumptions, and there is no guarantee that the expected growth will be achieved. If the discount rate is increased by 50%, which in the assessment of management is reasonably possible, from 14.4%% to 21.6%, this would result in a $1.2 million impairment of goodwill. If the downward revenue adjustment of 37.5% applied to the CNS 2019 Budget and 50% to the 2020 Plan revenues (and corresponding reduction of 18.75% in CNS Budget 2019 operating costs and capital expenditure, and 25% in the 2020 Plan operating costs and capital expenditure) was increased by 20%, which in the assessment of management is reasonably possible, this would result in a $6.6 million impairment of goodwill. Apart from the considerations in determining the value in use of the CNS CGU described above, the management of the Group is not currently aware of any other reasonably possible changes that would necessitate changes in its key estimates. 66 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 20189. Acquired intangible assets Group Cost At 1 January 2017 Additions At 31 December 2017 and at 1 January 2018 Additions At 31 December 2018 Amortisation At 1 January 2017 Charge for year At 31 December 2017 and at 1 January 2018 Charge for year At 31 December 2018 Net book value At 31 December 2018 At 31 December 2017 At 1 January 2017 Company The Company has no intangible fixed assets (2017: $nil). Computer software $’000 Customer relationships $’000 5,993 10 6,003 – 6,003 (5,911) (55) (5,966) (23) (5,989) 14 37 82 197 – 197 – 197 (197) – (197) – (197) – – – Total $’000 6,190 10 6,200 – 6,200 (6,108) (55) (6,163) (23) (6,186) 14 37 82 67 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements10. Capitalised development expenditure Group Cost At 1 January 2017 Additions At 31 December 2017 and at 1 January 2018 Additions At 31 December 2018 Amortisation At 1 January 2017 Charge for year At 31 December 2017 and at 1 January 2018 Charge for year At 31 December 2018 Net book value At 31 December 2018 At 31 December 2017 At 1 January 2017 Company The Company has no capitalised development expenditure (2017: $nil). Total $’000 15,668 2,171 17,839 1,701 19,540 (7,767) (2,408) (10,175) (2,918) (13,093) 6,447 7,664 7,901 68 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 201811. Property, plant and equipment Group Cost At 1 January 2017 Additions Transfers Disposals Foreign currency translation At 31 December 2017 and at 1 January 2018 Additions Transfers Disposals Foreign currency translation At 31 December 2018 Depreciation At 1 January 2017 Charge for year Transfers Disposals Foreign currency translation At 31 December 2017 and at 1 January 2018 Charge for year Transfers Disposals Foreign currency translation At 31 December 2018 Net book value At 31 December 2018 At 31 December 2017 At 1 January 2017 Sales evaluation assets $’000 DDoS protection as-a-service assets $’000 Computer Equipment $’000 Fixtures and Fittings $’000 Leasehold Improvements $’000 Total $’000 2,084 213 – – 9 2,306 243 – – (9) 2,540 (1,782) (223) – – (3) (2,008) (211) – – 6 (2,213) 327 298 302 819 149 (187) (228) – 553 216 (22) (273) – 474 (276) (230) 68 76 – (362) (132) 13 143 – (338) 136 191 543 62 135 187 (4) – 380 – 22 – – 402 – (74) (68) – – (142) (124) (13) – (1) (280) 122 238 62 69 – – – 1 70 – – – (1) 69 (25) (13) – – – (38) (9) – – – (47) 22 32 44 22 3,056 – – – 1 23 – – – (1) 22 (3) (8) – – (1) (12) (7) – – 1 497 – (232) 11 3,332 459 – (273) (11) 3,507 (2,086) (548) – 76 (4) (2,562) (483) – 143 6 (18) (2,896) 4 11 19 611 770 970 DDoS protection as-a-service assets depreciation is charged to cost of sales. Company The Company has no property, plant and equipment (2017: $nil). 69 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements12. Investment in subsidiaries Company Cost At 1 January 2017 Additions Foreign currency translation At 31 December 2017 and at 1 January 2018 Capitalisation of intercompany balances Additions Foreign currency translation At 31 December 2018 Impairment At 1 January 2017 Charge for the year Foreign currency translation At 31 December 2017 Opening adjustment – IFRS 9 Financial Instruments At 1 January 2018 Impairment charge Foreign currency translation At 31 December 2018 Net book value At 31 December 2018 At 31 December 2017 At 1 January 2017 Investment in Corero Network Security, Inc. and Corero Network Security (UK) Limited $’000 Investment in Corero Group Services Limited $’000 Loan note $’000 Total $’000 50,761 8,303 4,820 63,884 2,736 – (3,515) 63,105 (36,002) (10,789) (3,419) (50,210) – (50,210) – 2,763 (47,447) 15,658 13,674 14,759 – – – – 7,565 – – 7,565 – – – – – – (3,652) – (3,652) 3,913 – – 6,378 342 621 7,341 – 370 (419) 7,292 – – – – (1,745) (1,745) – – 57,139 8,645 5,441 71,225 10,301 370 (3,934) 77,962 (36,002) (10,789) (3,419) (50,210) (1,745) (51,955) (3,652) 2,763 (1,745) (52,844) 5,547 7,341 6,378 25,118 21,015 21,137 The Directors have reviewed the carrying value of the cost of investments in subsidiaries of the Company with reference to current and future trading conditions and a valuation based on a discounted free cash flow which the Directors consider to be an appropriate valuation methodology. As at 31 December 2018 the provision against investment in subsidiaries was $51.1 million (2017: $50.2 million). The Company’s investment in Corero Network Security, Inc. includes a loan note instrument. These loan notes bear interest at 5.0% per annum which at the election of Corero Network Security, Inc. is payable quarterly or added to the principal amount which is due on 31 October 2021. As at 31 December 2018 the expected credit loss provision was $1.7 million (2017: $nil). The Company owns: • 100% of the issued share capital of Corero Network Security, Inc. a company incorporated in Delaware, USA. The company’s business address is 225 Cedar Hill Street, Marlborough, MA 01752, USA. The principal business of the company consists of the development and sale of hardware and software security products. • 100% of the issued share capital of Corero Group Services Limited, a company incorporated and registered in England and Wales. The company’s business address is Regus House, Highbridge, Oxford Road, Uxbridge, Middlesex, UB8 1HR. The principal business of the company consists of providing administration services to the Group. • 100% of the issued share capital of Corero Network Security (UK) Limited, a company incorporated and registered in England and Wales. The company’s business address is 3rd Floor, 53 Hanover Street, Edinburgh, EH2 2PJ. The principal business of the company consists of providing development and sales and marketing services on behalf of Corero Network Security, Inc. 70 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 201813. Inventories Gross inventory Less: provision for impairment Net inventory Group 2018 $’000 282 (157) 125 Group 2017 $’000 207 (113) 94 Net inventory comprises finished goods and raw materials. The value of inventory recognised as an expense was $1.5 million (2017: $1.6 million). Company The Company holds no inventory (2017: $nil). 14. Trade and other receivables Trade receivables Contract assets (note 4) Less: provision for impairment of trade receivables Net trade receivables Amounts owed by subsidiaries Other debtors Prepayments Group 2018 $’000 831 1,360 – 2,191 – 109 904 3,204 Group 2017 $’000 Company 2018 $’000 Company 2017 $’000 223 764 – 987 – 137 877 2,001 – – – – – 78 – 78 – – – – 6,967 76 – 7,043 None of the Company’s trade and other receivables are secured by collateral or credit enhancements. The Group applies the simplified approach to measuring expected credit losses using a lifetime expected credit loss for trade receivables and contract assets. To measure expected credit losses on a collective basis, trade receivables and contract assets are grouped based on a similar credit risk and aging. The expected loss rates are based on the Group’s historical credit losses experienced over a two year period prior to the period end. The historical loss rates are then adjusted for current and forward-looking information on macroeconomic factors affecting the Group’s customers. The Group has identified gross domestic product growth rates, unemployment rates and inflation rates as the key macroeconomic factors in the countries in which the Group operates. The calculated expected credit loss allowance for the current and prior reporting periods has not been included as an impairment provision as the Directors consider it to be immaterial. The Directors consider that the carrying amount of trade and other receivables approximates their fair value. 71 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements14. Trade and other receivables continued The maturity profile of trade and other receivables is set out in the table below: In one year or less, or on demand In more than one year, but not more than five years Group 2018 $’000 2,977 227 3,204 Group 2017 $’000 1,925 76 2,001 Company 2018 $’000 Company 2017 $’000 6 72 78 – 7,043 7,043 Balances due in more than one year, but not more than five years, are presented as non-current in the Statement of Financial Position. The analysis of trade and other receivables by foreign currency is set out in the table below: US dollars UK pound Group 2018 $’000 2,519 685 3,204 Group 2017 $’000 1,651 350 2,001 Company 2018 $’000 Company 2017 $’000 – 78 78 – 7,043 7,043 The Group’s foreign currency receivables are denominated in the functional currency of the subsidiaries in which they arise. There is no impact on the loss for the year from exchange rate movements on such financial instruments. 15. Trade and other payables Trade payables Other payables Accruals Group 2018 $’000 895 186 852 1,933 Group 2017 $’000 720 16 569 1,305 Company 2018 $’000 Company 2017 $’000 – – 134 134 – – – – None of the Group or Company’s trade and other payables are secured by collateral or credit enhancements. The Directors consider that the carrying amount of trade and other payables approximates its fair value. 78% (2017: 90%) of the trade and other payables are due in less than three months. The analysis of trade and other payables by foreign currency is set out in the table below: US dollars UK pound Group 2018 $’000 1,064 869 1,933 Group 2017 $’000 903 402 1,305 Company 2018 $’000 Company 2017 $’000 – 134 134 – – – The Group’s foreign currency payables are denominated in the functional currency of the subsidiaries in which they arise. There is no impact on the loss for the year from exchange rate movements on such financial instruments. 72 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 201816. Borrowings The Group and Company borrowings. Bank loan 2018 $’000 3,606 2017 $’000 – The Company bank loan comprises a four-year term GBP sterling bank loan of £3.0 million, which was drawn down in May 2018, with quarterly repayments commencing on 31 March 2019. These quarterly repayments increase from £150,000 on 31 March 2019 to £310,000 on 31 March 2022 such that the loan will be repaid in full by 31 March 2022. The loan costs were $286,000, $143,000 of which are deferred until 31 March 2022. The bank loan has no early repayment penalties or redemption premium. The bank loan terms include the payment of a fee equal to 1.0% of the disposal proceeds on a sale or a change of control of the Company above a threshold amount of £100 million if such disposal or change of control occurs before April 2025. Interest is payable quarterly in arrears based on 3-month GBP Libor plus 7.5%. The loan principal repayment schedule by year for the bank loan is: Year 2019 2020 2021 2022 $’000 849 1,174 1,410 395 3,828 The contractual future cash flows, including undiscounted interest based on the interest rate at 31 December 2018 of 8.412% for the bank loan, are: Year 2019 2020 2021 2022 $’000 1,146 1,390 1,516 404 4,456 The bank loan is secured by debentures over the business assets of all Group companies and by Group company guarantees including a guarantee from the Company. The bank loan terms include typical covenants for such a loan, as well as revenue and cash consumption covenants, which are tested quarterly and monthly respectively. These covenants were met for each covenant reporting period in the reporting period ended 31 December 2018. The $1.5 million accounts receivable financing facility in place at 31 December 2017, which was not utilised at 31 December 2017, was repaid and terminated in April 2018, and the related security, comprising a first lien on the corporate assets of Corero Network Security, Inc. and guarantee from the Company, were discharged. 73 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements16. Borrowings continued At 31 December 2018, the Group’s liabilities have contractual maturities which are summarised below. These contractual maturities reflect the payment obligations which may differ from the carrying values of the liabilities at the balance sheet date. Group Trade and other payables Total Company Trade and other payables Total 17. Financial instruments The Group’s financial instruments are categorised as shown below: Group In one year or less, or on demand Between two and five years 2018 $’000 1,799 1,799 2017 $’000 1,305 1,305 2018 $’000 134 134 2017 $’000 – – In one year or less, or on demand Between two and five years 2018 $’000 – – 2017 $’000 – – 2018 $’000 134 134 2017 $’000 – – Financial assets Trade and other receivables Cash Group Financial liabilities Trade and other payables Borrowings Book Value 2018 $’000 Book Value 2017 $’000 2,274 8,026 10,300 1,074 1,365 2,439 Book Value 2018 $’000 Book Value 2017 $’000 1,933 3,828 5,761 1,305 – 1,305 The Group manages liquidity and credit risk in line with the financial risk management objectives and policies as set out on page 41. At the present time the Group does not have significant exposure to foreign exchange or interest rate risk. There are no differences between the fair values and book values held by the Group. 74 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 201818. Deferred income Group Current More than one year but less than five years 2018 $’000 2,034 846 2,880 2017 $’000 1,702 287 1,989 The Group’s deferred income balance will be recognised as revenue evenly over the remaining term of the service and support agreements in place. The service and support agreements expire at various times throughout the year with no particular seasonality. Company The Company has no deferred income (2017: $nil). 19. Pensions The Group’s pension arrangements are operated through defined contribution schemes. Defined contribution schemes Defined contribution pension costs Accounts accrued as payable to schemes 2018 $’000 160 3 2017 $’000 125 – 20. Share capital Authorised share capital The authorised share capital comprises 745,821,970 (2017: 745,821,970) ordinary shares of 1 pence (“p”) (1.28 cents (“c”)) each. Issued ordinary share capital 1 January 2017 203,417,642 ordinary shares of 1p each Issued 112,000,000 ordinary shares of 1p each (1.28c) 31 December 2017 and 1 January 2018 315,417,642 ordinary shares of 1p each Issued 69,565,217 ordinary shares of 1p each (1.38c) 17,008,969 ordinary shares of 1p each (1.32c) 3,333 ordinary shares of 1p each (1.28c) 31 December 2018 401,995,161 ordinary shares of 1p each $’000 3,119 1,437 4,556 959 225 – 5,740 On 25 April 2017, 112,000,000 ordinary shares with a nominal value of 1p were issued at 5.0p (6c) per share by way of a subscription and placing. On 27 April 2018, 69,656,217 ordinary shares with a nominal value of 1p were issued at 5.75p (8c) per share by way of a subscription and placing. On 19 October 2018, 17,008,969 ordinary shares with a nominal value of 1p were issued at 8.9p (12c) per share by way of a subscription. On 1 November 2018, 3,333 ordinary shares with a nominal value of 1p were issued at 8.0p (10c) per share as the result of the exercise of an employee share option. 75 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements21. Share premium 1 January 2017 112,000,000 ordinary shares of 5p each (6c) less issue costs 31 December 2017 and at 1 January 2018 69,565,217 ordinary shares of 5.75p each (8c) less issue costs 17,008,969 ordinary shares of 8.9p each (12c) less issue costs 3,333 ordinary shares of 8.0p each (10c) 31 December 2018 $’000 67,681 5,558 73,239 4,355 1,744 – 79,338 Consideration received in excess of the nominal value of the 69,565,217 shares issued on 27 April 2018 as a result of the subscription and placing has been included in share premium, less registration, commission and professional fees of $200,000. Consideration received in excess of the nominal value of the 17,008,969 shares issued on 19 October 2018 as a result of the subscription has been included in share premium, less registration and professional fees of $32,000. The amount of such directly attributable costs deducted from share premium in 2017 was $193,000. 22. Employees and Directors Employee expenses, including Directors, during the period Group Wages and salaries Social security costs Other pension costs (note 19) Average monthly numbers of employees (including Directors) employed Sales and marketing Technical, support and services Management, operations and administration Company The Company has no employees (2017: nil). Total 2018 $’000 6,958 671 160 7,789 Total 2017 $’000 7,846 753 125 8,724 2018 Number 2017 Number 14 31 6 51 19 32 8 59 76 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 2018Directors, being the Key Management personnel Directors Ashley Stephenson Andrew Lloyd Andrew Miller Jens Montanana Richard Last Salary & fees $’000 270 346 202 33 25 876 Bonus $’000 Benefits $’000 Pension $’000 Subtotal $’000 Options $’000 Company National Insurance Contributions $’000 50 11 48 – – 109 21 – 7 – – 28 – 13 20 – – 33 341 370 277 33 25 1,046 125 – 78 21 10 234 8 46 32 – 2 88 Total 2018 $’000 Total 2017 $’000 474 416 387 54 37 352 328 310 36 29 1,368 1,055 Bonus payments of $109,000 were made to Directors in respect of the year to 31 December 2018 (2017: $124,000). Ashley Stephenson has an employment agreement with a wholly owned subsidiary of the Company which provides for the payment of six months’ base salary if the agreement is terminated by the Company without cause. Andrew Miller has an employment agreement which can be terminated by either party on not less than six months’ written notice. A subsidiary company provides for pension contributions (included in the table above) of 10% of basic salary payable to a personal pension plan. Andrew Lloyd’s employment agreement was terminated with effect from 4 January 2019, and he resigned as a Director of the Company on this date, with such termination having been agreed on 31 December 2018. The salary and fees paid to Andrew Lloyd for the year ended 31 December 2018 in the table above include contractual severance and holiday pay costs totalling $106,000. A subsidiary company provided for pension contributions (included in the table above) of 5% of basic salary payable to the Group’s defined pension plan. Jens Montanana notified the Company that he wished to waive his Non-Executive Director fees for the year ended 31 December 2018 of $33,000. Jens Montanana waived his Non-Executive Director fees for the year ended 31 December 2017 of $34,000. 23. Operating lease commitments The Group has total future minimum lease payments under non-cancellable operating leases totalling $235,000 (2017: $360,000) analysed by year of expiry as follows: Land and building agreements expiring: Within one year Within two to five years Other agreements expiring: Within one year Within two to five years Other operating leases agreements relate to the costs of a co-location provider. Company The Company has no operating lease commitments (2017: $nil). 2018 $’000 2017 $’000 84 91 60 – 235 83 53 1 223 360 77 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements24. Contingent liabilities Corero Network Security (UK) Limited was in December 2015 awarded a grant of £600,000 for a development project over three years from Scottish Enterprise. Any monies becoming repayable by Corero Network Security (UK) Limited under the grant terms for breaches of the grant conditions are guaranteed by the Company. These conditions which are typical for a grant of this nature, and which apply for a period of five years from the final grant payment date (being 14 March 2019), include maintaining minimum headcount in Scotland and no change of control. 25. Share options The Company has the following share option schemes: • Enterprise Management Incentive Scheme for its employees, which has been approved by HMRC • Executive Enterprise Management Incentive Scheme, which has been approved by HMRC • Unapproved Share Option Scheme • Deferred Payment Share Plan In August 2010, 1,257,000 options were granted to certain Directors and employees under the Executive Enterprise Management Incentive scheme and Unapproved Share Option Scheme. The options granted vested immediately upon grant. All other options granted in the period 2010 to 2018 have a three year vesting period, vesting one third on the first anniversary of grant, one third on the second anniversary of grant and one third on the third anniversary of grant. Shares acquired on the exercise of an option may not be sold until the expiry of the second anniversary following the date of option grant. With the exception of options granted in April 2017 to Directors and certain employee which include a revenue growth performance vesting condition, there are no vesting conditions for options granted. If an option holder ceases to be in employment or hold office within the Group, options granted shall immediately lapse unless such cessation is because of the option holder’s death; the option holder’s ill health or disability; the company that employs the option holder ceasing to be under the control of the Company or such company ceasing to be within the Group; the transfer of sale of the undertaking or part-undertaking in which the option holder is employed to a person who is neither under the control of the Company nor within the Group; or any other reason that the Board in its absolute discretion shall determine. On a cessation of employment or office as set out above, options shall be exercisable to the extent they have vested according to the terms of the option agreement and the provisions of the relevant share option scheme and must be exercised within 30 days following such cessation unless otherwise determined by the Board or if such cessation is by reason of death in which case the option holder’s personal representatives must exercise the option within 12 months following the date of the option holder’s death. On 18 March 2014, the Enterprise Management Incentive Scheme was extended by 10 years to 20 April 2021. 78 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 2018Share options granted at 31 December 2018 were as follows: Option Holders Date granted Expiry date Enterprise Management Incentive Scheme Exercise price – pence (cents) At 1 January 2018 Granted Exercised Forfeit/ cancelled At 31 December 2018 Other Holders April 2015 April 2017 June 2017 April 2025 15p (23c) 500,000 April 2027 8p (10c) 1,613,569 June 2027 13.6 (18c) 1,715,305 September 2017 September 2027 9.1p (12c) 542,000 – – – – April 2018 April 2028 5.9p (7c) October 2018 October 2028 11.0p (14c) – – 13,000 3,012,432 Executive Enterprise Management Incentive Scheme Andrew Miller August 2010 August 2020 25p (41c) 476,000 September 2012 March 2022 54.5p (89c) 80,000 April 2013 May 2014 May-2018 April 2023 25p (38c) 250,000 May 2024 25p (42c) 362,570 May-2028 13.6p (18c) October 2018 October 2028 11.0p (14c) – – 2,356,000 599,479 Andrew Lloyd April 2017 April 2027 8p (10c) 3,124,999 Unapproved Share Option Scheme Jens Montanana August 2010 August 2020 25p (41c) 165,000 March 2012 March 2022 54.5p (89c) 30,000 April 2013 April 2023 25p (38c) 80,000 January 2016 January 2026 20p (29c) 150,000 April 2017 May-2018 April 2027 8p (10c) 994,000 May-2028 13.6p (18c) October 2018 October 2028 11.0p (14c) – – 425,000 400,000 Richard Last Andrew Lloyd Ashley Stephenson Andrew Miller April 2017 June 2017 April 2027 8p (10c) 450,000 June 2027 13.6 (18c) 180,000 – – October 2018 October 2028 11.0p (14c) – 200,000 April 2017 June 2017 April 2017 June 2017 April 2027 8p (10c) 870,001 June 2027 13.6 (18c) 200,000 April 2027 8p (10c) 2,319,000 June 2027 13.6 (18c) 3,200,000 – – – – October 2018 October 2028 11.0p (14c) – 2,400,000 May 2014 April 2015 May 2024 25p (42c) 387,430 April 2025 15p (23c) 300,000 January 2016 January 2026 20p (29c) 500,000 April 2017 April 2027 8p (10c) 1,919,000 – – – – October 2018 October 2028 11.0p (14c) – 900,521 – – – – – – – – – – – – 500,000 (3,333) (18,667) 1,591,569 – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – (10,000) 1,705,305 (522,000) – 20,000 13,000 (300,000) 2,712,432 (476,000) (80,000) (250,000) (362,570) – – – – – – – 2,356,000 599,479 3,124,999 (165,000) (30,000) (80,000) (150,000) – – – – – – – – – – – (387,430) (300,000) (500,000) – – – – 994,000 425,000 400,000 450,000 180,000 200,000 870,001 200,000 2,319,000 3,200,000 2,400,000 – – – – – 1,919,000 900,521 79 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements25. Share options continued Option Holders Date granted Expiry date Exercise price – pence (cents) At 1 January 2018 Granted Exercised Forfeit/ cancelled At 31 December 2018 Other holders August 2010 August 2020 31p (50c) 308,000 March 2011 March 2021 40p (65c) 290,000 September 2011 September 2021 37.5p (61c) 40,000 March 2012 March 2022 54.5p (89c) 140,000 April 2013 May 2014 April 2023 25p (38c) 100,000 May 2024 25p (42c) 670,666 September 2014 September 2024 25p (41c) 5,000 April 2015 April 2025 15p (23c) 53,000 October 2015 September 2025 15p (23c) 105,000 May 2016 May 2026 20p (29c) 100,000 September 2016 September 2026 22.5p (33c) 462,500 April 2017 June 2017 April 2027 8p (10c) 896,626 June 2027 13.6 (18c) 1,096,750 September 2017 September 2027 9.1p (12c) 505,000 – – – – – – – – – – – – – – October 2018 October 2028 11.0p (14c) – 3,338,568 – – – – – – – – – – – – – – – – – – – – – 308,000 290,000 40,000 140,000 100,000 670,666 (5,000) – – – 53,000 105,000 (80,000) 20,000 (7,500) 455,000 (273,000) 623,626 (331,250) 765,500 – – 505,000 3,338,568 25,181,416 13,645,000 (3,333) (4,328,417) 34,494,666 The closing mid-market price for the Company’s shares at 31 December 2018 was 12.5p (16c) and the high and low for the year was 13.35p (17c) and 5.6p (8c). In the 12 months to 31 December 2018, 3,333 options were exercised and 4,328,417 options were forfeited. On 9 June 2017, the Company announced the cancellation and re-granting of options over Ordinary Shares to certain Directors and employees, with an option re-grant price of 13.6p (“New Option Grant Price”) being the weighted average price of the Company’s historic investment rounds. A total of 6,667,055 options were granted on 8 June 2017 at the New Option Grant price in return for the cancellation of existing option grants. The new options have the same vesting, with no performance vesting conditions, and share sale conditions as the other share option grants. The Company also announced on 9 April 2017 that it intended to cancel 2,356,000 options previously granted to Andrew Miller and 425,000 options previously granted to Jens Montanana and grant an equal number of new options to each of them (the “New Concert Party Options”) at the New Option Grant Price. Andrew Miller and Jens Montanana are considered to be a “Concert party” under the City Code on Takeovers and Mergers. Since the terms of the New Concert Party Options were different from existing options currently held by Andrew Miller and Jens Montanana, the Company required consent from the Panel on Takeovers and Mergers (“Panel”) to waive the obligation on them to make a general offer to shareholders under Rule 9 of the Code that could otherwise arise if the New Concert Party Options were exercised. On 8 May 2018, 2,356,000 previously granted to Andrew Miller and 425,000 options previously granted to Jens Montanana were cancelled. On 9 May 2018, 2,356,000 options were granted to Andrew Miller and 425,000 options were granted to Jens Montanana at the New Option Grant Price. The new options have the same vesting, with no performance vesting conditions, and share sale conditions as the other share option grants. The Panel’s waiver was approved by independent shareholders, being shareholders other than Andrew Miller and Jens Montanana, at the 2018 Annual General Meeting. 80 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 2018Share options granted at 31 December 2017 were as follows: Option Holders Date granted Expiry date Exercise price Enterprise Management Incentive Scheme At 1 January 2017 Granted Exercised Forfeit/ cancelled At 31 December 2017 Other Holders March 2011 March 2012 March 2021 40p (65c) 40,000 March 2022 54.5p (89c) 25,000 September 2012 September 2022 43p (70c) 110,000 April 2013 May 2014 April 2023 25p (38c) 85,000 May 2024 25p (42c) 40,000 September 2014 September 2024 25p (41c) 10,000 April 2015 April 2025 15p (23c) 750,000 October 2015 September 2025 15p (23c) 57,000 January 2016 January 2026 20p (29c) 1,067,000 May 2016 April 2017 June 2017 May 2026 22.5p (33c) 31,305 April 2027 8p (10c) June 2027 13.6 (18c) September 2017 September 2027 9.1p (12c) – – – 1,620,569 1,715,305 542,000 Executive Enterprise Management Incentive Scheme Andrew Miller August 2010 August 2020 25p (41c) 476,000 September 2012 March 2022 54.5p (89c) 80,000 Andrew Lloyd April 2013 May 2014 April 2017 April 2023 25p (38c) 250,000 May 2024 25p (42c) 362,570 April 2027 8p (10c) – 3,124,999 – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – (40,000) (25,000) (110,000) (85,000) (40,000) (10,000) – – – – – – (250,000) 500,000 (57,000) – (1,067,000) (31,305) – – – (7,000) 1,613,569 – – – – – – – 1,715,305 542,000 476,000 80,000 250,000 362,570 3,124,999 81 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial StatementsExpiry date Exercise price At 1 January 2017 Granted Exercised Forfeit/ cancelled At 31 December 2017 August 2020 March 2022 April 2023 January 2026 April 2027 March 2022 April 2023 January 2026 April 2027 June 2027 April 2023 May 2024 January 2026 April 2027 June 2027 March 2022 April 2023 May 2024 April 2025 January 2026 April 2027 June 2027 May 2024 April 2025 January 2026 April 2027 August 2020 March 2021 March 2021 September 2021 March 2022 September 2022 April 2023 September 2023 May 2024 September 2024 April 2025 September 2025 May 2026 September 2026 April 2027 June 2027 September 2027 25p (41c) 54.5p (89c) 25p (38c) 20p (29c) 8p (10c) 54.5p (89c) 25p (38c) 20p (29c) 8p (10c) 13.6 (18c) 25p (38c) 25p (42c) 20p (29c) 8p (10c) 13.6 (18c) 54.5p (89c) 25p (38c) 25p (42c) 15p (23c) 20p (29c) 8p (10c) 13.6 (18c) 25p (42c) 15p (23c) 20p (29c) 8p (10c) 31p (50c) 36p (59c) 40p (65c) 37.5p (61c) 54.5p (89c) 43p (70c) 25p (38c) 25p (40c) 25p (42c) 25p (41c) 15p (23c) 15p (23c) 20p (29c) 22.5p (33c) 8p (10c) 13.6 (18c) 9.1p (12c) 165,000 30,000 80,000 150,000 – 20,000 60,000 100,000 – – 60,000 40,000 100,000 – – – – – – 994,000 – – – 450,000 180,000 – – – 870,001 200,000 – 180,000 – 400,000 – 1,720,000 – 200,000 – 700,000 – 2,319,000 – 3,200,000 – – – 1,919,000 – – – – – – – – – – – – – – 1,239,626 1,371,750 505,000 20,251,250 387,430 300,000 500,000 – 308,000 54,750 290,000 163,500 206,250 7,000 287,000 40,000 1,054,416 120,000 343,000 277,000 1,073,000 470,500 – – – 13,270,721 – – – – – – – – – – – – – – – – – – – – (20,000) (60,000) (100,000) – – (60,000) (40,000) (100,000) – – 165,000 30,000 80,000 150,000 994,000 – – – 450,000 180,000 – – – 870,001 200,000 – (180,000) – – – (400,000) – – (1,720,000) – (200,000) – – (700,000) – – – 2,319,000 – 3,200,000 – 387,430 – – 300,000 – – 500,000 – – 1,919,000 – – 308,000 – – (54,750) – – 290,000 – – 40,000 (123,500) – 140,000 (66,250) – – – (7,000) 100,000 (187,000) – (40,000) – – 670,666 (383,750) – 5,000 (115,000) – 53,000 (290,000) – 105,000 (172,000) – 100,000 (973,000) – 462,500 (8,000) – 896,626 (343,000) – 1,096,750 (275,000) – 505,000 – – 25,181,416 – (8,340,555) 25. Share options continued Richard Last Date Option Holders granted Unapproved Share Option Scheme August 2010 Jens Montanana March 2012 April 2013 January 2016 April 2017 March 2012 April 2013 January 2016 April 2017 June 2017 April 2013 May 2014 January 2016 April 2017 June 2017 Andrew Lloyd Ashley Stephenson Andrew Miller Other holders March 2012 April 2013 May 2014 April 2015 January 2016 April 2017 June 2017 May 2014 April 2015 January 2016 April 2017 August 2010 March 2011 March 2011 September 2011 March 2012 September 2012 April 2013 September 2013 May 2014 September 2014 April 2015 October 2015 May 2016 September 2016 April 2017 June 2017 September 2017 82 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 2018Andrew Miller has a contractual right (granted in March 2011) to purchase 140,000 ordinary shares in the Company from the Employee Share Ownership Trust at 40p per share pursuant to a grant made to him under the Deferred Payment Share Plan. None of the Directors holding office at the balance sheet date exercised options during the year. Total number of options granted to Directors 31-Dec-18 Options granted 31-Dec-17 Options granted Relevant Share Option scheme Ashley Stephenson 7,919,000 5,519,000 Unapproved Share Option Scheme Andrew Lloyd Andrew Miller 4,195,000 4,195,000 Executive Enterprise Management Scheme and Unapproved Share Option Scheme 5,915,000 4,415,000 Executive Enterprise Management Scheme and Unapproved Share Option Scheme Jens Montanana 1,819,000 1,419,000 Unapproved Share Option Scheme Richard Last 830,000 630,000 Unapproved Share Option Scheme 20,678,000 16,178,000 The options held by Andrew Lloyd at 31 December 2018 include 1,331,667 share options which were forfeited in accordance with the settlement agreement with Andrew Lloyd dated 2 January 2019. Share-based payments The Nominations and Remuneration Committee (“NRC”) approves the grant of share options to employees of the Group under the Group’s share option schemes. Share options are granted with a fixed exercise price which is equal to the market price at the date of the grant or higher price determined by the NRC. The share options granted are required to be exercised within 10 years from the date of grant. Share options are valued using the Black-Scholes option-pricing model. Share options granted The weighted average fair value of the options granted in the year was 4.1p (5.5c). The value of share options granted during the year was calculated using the Black-Scholes option pricing model. The following variables and ranges were used: Share price at date of grants Exercise price Expected volatility Estimated years to exercise Risk free interest rate 2018 2017 6p–11p (7c–14c) 8p–9p (10c–12c) 6p–13.6p (7c–18c) 8p–13.6p (10c–18c) 56.1–61.5% 4.3–4.8 1.1% 0.26% 9.3–9.7 0.39–0.74% 83 Notice of AGMCorporate DirectoryOverviewStrategic ReportGovernanceFinancial Statements25. Share options continued The table below provides information on all options outstanding at the end of the year: Weighted average remaining contractual life Average remaining contractual life Options exercisable Exercise price range Weighted average share price Weighted average exercise price Expected volatility Risk free rate – 5 year gilt rate Expected dividend yield 8.6 years 6.3 years 9,607,999 6p–55p (8c–70c) 9p (12c) 12p (15c) 0.2%–61.5% 0.35%–2.5% Nil Volatility is calculated as the standard deviation of the closing daily share price over a period of 24 months prior to the grant date. Operating expenses in the Statement of Comprehensive Income included a charge of $22,000 (2017: $21,000) relating to employee share-based payments. 26. Related parties and transactions As part of the subscription and placing on 27 April 2018, Jens Montanana contributed $1.3 million, Richard Last contributed $54,000 and Andrew Lloyd contributed $8,000 (note 20). As part of the subscription and placing on 25 April 2017, Jens Montanana contributed $4.4 million, Andrew Miller contributed $13,000 and Andrew Lloyd contributed $19,000 (note 20). The Directors consider the Group’s key management personnel to be the Board of Directors of the Company whose compensation is detailed in note 22. Company key management compensation was $nil (2017: $nil) as the key management are employed by subsidiaries. 84 NOTES TO THE FINANCIAL STATEMENTS CONTINUEDCorero Network Security plc Annual Report and Accounts 2018Corero Network Security plc Annual Report and Accounts 2018NOTICE OF ANNUAL GENERAL MEETING NOTICE IS HEREBY GIVEN that the annual general meeting of the Company will be held at 11.00 a.m. on 21 May 2019 at 68 Lombard Street, London, EC3V 9LJ for the following purposes: Ordinary Business To consider and, if thought fit, pass the following resolutions which will be proposed as ordinary resolutions: 1. Report and accounts To receive the audited annual accounts of the Company for the year ended 31 December 2018, together with the Directors’ report and the Auditor’s report on those annual accounts. 2. Re-election of Director To re-elect Mr Richard Last, who retires by rotation in accordance with the Company’s articles of association, as a Director of the Company. 3. Re-election of Director To re-elect Mr Ashley Stephenson, who retires by rotation in accordance with the Company’s articles of association, as a Director of the Company. 4. Re-election of Director To re-elect Mr Peter George, who was appointed to the Board on 3 January 2019, as a Director of the Company. 5. Re-appointment of auditors To re-appoint BDO LLP as auditors of the Company to hold office from the conclusion of this AGM until the conclusion of the next annual general meeting at which accounts are laid before the Company. 6. Auditors’ remuneration To authorise the Directors to determine the remuneration of the auditors. Special Business To consider and, if thought fit, pass the following resolutions of which resolution 6 will be proposed as an ordinary resolution and resolutions 8 and 9 will be proposed as special resolutions: 7. Directors’ authority to allot shares THAT, in substitution for all existing and unexercised authorities and powers granted to the Directors prior to the date of this resolution in accordance with section 551 of the Companies Act 2006 (“Act”), the Directors be generally and unconditionally authorised for the purposes of section 551 of the Act to exercise all the powers of the Company to allot shares in the Company and grant rights to subscribe for or to convert any security into shares of the Company (such shares and rights to subscribe for or to convert any security into shares of the Company being “relevant securities”) up to a maximum nominal amount of £1,339,972.76 on such terms and conditions as the Directors may determine provided that, unless previously revoked, varied or extended, this authority shall expire on the earlier of the date falling 15 months after the date of the passing of this resolution and the conclusion of the next annual general meeting of the Company except that the Company may at any time before such expiry make an offer or agreement which would or might require relevant securities to be allotted after such expiry and the Directors may allot relevant securities in pursuance of such an offer or agreement as if this authority had not expired. F i n a n c i a l S t a t e m e n t s N o t i c e o f A G M 85 Corporate DirectoryOverviewStrategic ReportGovernance NOTICE OF ANNUAL GENERAL MEETING CONTINUED 8. Disapplication of pre-emption rights THAT, in substitution for all existing and unexercised authorities and powers granted to the Directors prior to the date of this resolution in accordance with section 570(1) of the Act and subject to and conditional on the passing of resolution 7, the Directors be and are hereby empowered to allot equity securities (as defined in section 560(1) of the Act) of the Company for cash, pursuant to the authority of the Directors under section 551 of the Act conferred by resolution 7 above, and/or by way of a sale of treasury shares for cash (by virtue of section 573 of the Act), in each case as if section 561(1) of the Act did not apply to such allotment, provided that this power shall be limited to: (a) the allotment of equity securities in connection with an offer by way of a rights issue or an offer of equity securities open for acceptance for a period fixed by the Directors (i) to the holders of ordinary shares in proportion (as nearly as may be practicable) to their respective holdings and (ii) to holders of other equity securities as required by the rights of those securities or as the Directors otherwise consider necessary, but subject to such exclusions or other arrangements as the Directors may deem necessary or expedient in relation to treasury shares, fractional entitlements, record dates, legal or practical problems in or under the laws of any territory or the requirements of any regulatory body or stock exchange; and (b) the allotment and/or sale of treasury shares for cash (otherwise than pursuant to resolution 8(a) above) of equity securities up to a maximum nominal amount of £401,991.83, and that, unless previously revoked, varied or extended, this power shall expire on the earlier of the date falling 15 months after the date of the passing of this resolution and the conclusion of the next annual general meeting of the Company except that the Company may before the expiry of this power make an offer or agreement which would or might require equity securities to be allotted (and treasury shares to be sold) after such expiry and the Directors may allot equity securities (and sell treasury shares) in pursuance of such an offer or agreement as if this power had not expired. 9. Authority to purchase Company’s own shares THAT the Company be generally and unconditionally authorised for the purposes of section 701 of the Act to make market purchases (as defined in section 693(4) of the Act) on a recognised investment exchange (as defined in section 693(5) of the Act) of ordinary shares of £0.01 each in the capital of the Company (“Ordinary Shares”) and to hold such shares as treasury shares (as defined in section 724(3) of the Act) and/or on such terms and in such manner as the Directors may from time to time determine provided that: (a) this authority shall be limited to the purchase of Ordinary Shares up to a maximum aggregate nominal value equal to £401,991.83 representing approximately 10% of the nominal value of the current issued ordinary share capital of the Company; (b) the minimum price which may be paid for such Ordinary Shares is £0.01 (exclusive of expenses); (c) the maximum price (exclusive of expenses) which may be paid for an Ordinary Share shall not be more than 5% above the average middle market quotations for an Ordinary Share on the relevant recognised investment exchange on which Ordinary Shares are traded for the five business days immediately preceding the date on which the Ordinary Share is purchased; (d) unless previously revoked, varied or extended, the authority hereby conferred shall expire at the earlier of the date which is 15 months from the date of the passing of this resolution and the conclusion of the next annual general meeting of the Company; and (e) the Company may make a contract or contracts to purchase Ordinary Shares under the authority hereby conferred prior to the expiry of such authority which will or may be executed wholly or partly after the expiry of such authority and may make a purchase of Ordinary Shares in pursuance of any such contract or contracts. Registered Office: Regus House Highbridge Oxford Road Uxbridge Middlesex UB8 1HR 86 Corero Network Security plc Annual Report and Accounts 2018The following notes explain your general rights as a shareholder and your rights to attend and vote at the AGM or to appoint someone else to vote on your behalf: Notes: 1. To be entitled to attend and vote at the AGM (and for the purpose of the determination by the Company of the number of votes they may cast), shareholders must be registered in the Register of Members of the Company at close of trading on 17 May 2019. Changes to the Register of Members after the relevant deadline shall be disregarded in determining the rights of any person to attend and vote at the AGM. 2. Shareholders, or their proxies, intending to attend the AGM in person are requested, if possible, to arrive at the AGM venue at least 20 minutes prior to the commencement of the AGM at 11.00 am (UK time) on 21 May 2019 so that their shareholding may be checked against the Company’s Register of Members and attendances recorded. 3. Shareholders are entitled to appoint another person as a proxy to exercise all or part of their rights to attend and to speak and vote on their behalf at the AGM. A shareholder may appoint more than one proxy in relation to the AGM provided that each proxy is appointed to exercise the rights attached to a different ordinary share or ordinary shares held by that shareholder. A proxy need not be a shareholder of the Company. 4. 5. In the case of joint holders, where more than one of the joint holders purports to appoint a proxy, only the appointment submitted by the most senior holder will be accepted. Seniority is determined by the order in which the names of the joint holders appear in the Company’s Register of Members in respect of the joint holding (the first named being the most senior). A vote withheld is not a vote in law, which means that the vote will not be counted in the calculation of votes for or against the resolution. If no voting indication is given, your proxy will vote or abstain from voting at his or her discretion. Your proxy will vote (or abstain from voting) as he or she thinks fit in relation to any other matter which is put before the AGM. 6. You can vote either: • by logging on to www.signalshares.com and following the instructions; • If you need help with voting online, or require a paper proxy form, please contact our Registrar, Link Asset Services, on 0871 664 0391 if calling from the UK, or +44 (0) 371 664 0391 if calling from outside of the UK, or email Link at enquiries@linkgroup.co.uk. Calls cost 12p per minute plus your phone company’s access charge. Calls outside the United Kingdom will be charged at the applicable international rate. Lines are open between 09:00 – 17:30, Monday to Friday excluding public holidays in England and Wales. • in the case of CREST members, by utilising the CREST electronic proxy appointment service in accordance with the procedures set out below. In each case the appointment of a proxy must be received by Link Asset Services at 34 Beckenham Road, Beckenham, Kent, BR3 4TU by 11.00 am on 17 May 2019. 7. 8. 9. If you return more than one proxy appointment, either by paper or electronic communication, the appointment received last by the Registrar before the latest time for the receipt of proxies will take precedence. You are advised to read the terms and conditions of use carefully. Electronic communication facilities are open to all shareholders and those who use them will not be disadvantaged. The return of a completed form of proxy, electronic filing or any CREST Proxy Instruction (as described in note 11 below) will not prevent a shareholder from attending the AGM and voting in person if he/she wishes to do so. CREST members who wish to appoint a proxy or proxies through the CREST electronic proxy appointment service may do so for the AGM (and any adjournment of the AGM) by using the procedures described in the CREST Manual (available from www.euroclear.com/site/public/EUI). CREST Personal Members or other CREST sponsored members, and those CREST members who have appointed a service provider(s), should refer to their CREST sponsor or voting service provider(s), who will be able to take the appropriate action on their behalf. 10. In order for a proxy appointment or instruction made by means of CREST to be valid, the appropriate CREST message (a ‘CREST Proxy Instruction’) must be properly authenticated in accordance with Euroclear UK & Ireland Limited’s specifications and must contain the information required for such instructions, as described in the CREST Manual. The message must be transmitted so as to be received by the issuer’s agent (ID RA10) by 11.00 am on 17 May 2019. For this purpose, the time of receipt will be taken to mean the time (as determined by the timestamp applied to the message by the CREST application host) from which the issuer’s agent is able to retrieve the message by enquiry to CREST in the manner prescribed by CREST. After this time, any change of instructions to proxies appointed through CREST should be communicated to the appointee through other means. 11. CREST members and, where applicable, their CREST sponsors or voting service providers should note that Euroclear UK & Ireland Limited does not make available special procedures in CREST for any particular message. Normal system timings and limitations will, therefore, apply in relation to the input of CREST Proxy Instructions. It is the responsibility of the CREST member concerned to take (or, if the CREST member is a CREST personal member, or sponsored member, or has appointed a voting service provider(s), to procure that his CREST sponsor or voting service provider(s) take(s)) such action as shall be necessary to ensure that a message is transmitted by means of the CREST system by any particular time. In this connection, CREST members and, where applicable, their CREST sponsors or voting system providers are referred, in particular, to those sections of the CREST Manual concerning practical limitations of the CREST system and timings. The Company may treat as invalid a CREST Proxy Instruction in the circumstances set out in Regulation 35(5)(a) of the Uncertificated Securities Regulations 2001. 12. Any corporation which is a shareholder can appoint one or more corporate representatives who may exercise on its behalf all of its powers as a shareholder provided that no more than one corporate representative exercises powers in relation to the same shares. 13. As at 10 April 2019 (being the latest practicable business day prior to the publication of this Notice), the Company’s ordinary issued share capital consists of 401,995,161 ordinary shares, carrying one vote each. Therefore, the total voting rights in the Company as at 10 April 2019 are 401,995,161. 14. Under Section 527 of the Companies Act 2006, shareholders meeting the threshold requirements set out in that section have the right to require the Company to publish on a website a statement setting out any matter relating to: (i) the audit of the Company’s financial statements (including the Auditor’s Report and the conduct of the audit) that are to be laid before the AGM; or (ii) any circumstances connected with an auditor of the Company ceasing to hold office since the previous AGM at which annual financial statements and reports were laid in accordance with Section 437 of the Companies Act 2006 (in each case) that the shareholders propose to raise at the relevant AGM. The Company may not require the shareholders requesting any such website publication to pay its expenses in complying with Sections 527 or 528 of the Companies Act 2006. Where the Company is required to place a statement on a website under Section 527 of the Companies Act 2006, it must forward the statement to the Company’s auditor not later than the time when it makes the statement available on the website. The business which may be dealt with at the AGM for the relevant financial year includes any statement that the Company has been required under Section 527 of the Companies Act 2006 to publish on a website. 15. Any shareholder attending the AGM has the right to ask questions. The Company must cause to be answered any such question relating to the business being dealt with at the AGM but no such answer need be given if: (a) to do so would interfere unduly with the preparation for the AGM or involve the disclosure of confidential information; (b) the answer has already been given on a website in the form of an answer to a question; or (c) it is undesirable in the interests of the Company or the good order of the AGM that the question be answered. 16. The following documents are available for inspection during normal business hours at the registered office of the Company on any business day from the date of this Notice until the time of the AGM and may also be inspected at the AGM venue, as specified in this Notice, from 10.00 am on the day of the AGM until the conclusion of the AGM: copies of the Directors’ letters of appointment or service contracts. 17. You may not use any electronic address (within the meaning of Section 333(4) of the Companies Act 2006) provided in either this Notice or any related documents (including the form of proxy) to communicate with the Company for any purposes other than those expressly stated. A copy of this Notice, and other information required by Section 311A of the Companies Act 2006, can be found on the Company’s website at www.corero.com G o v e r n a n c e F i n a n c i a l S t a t e m e n t s N o t i c e o f A G M 87 Corporate DirectoryOverviewStrategic Report CORPORATE DIRECTORY Directors Jens Montanana (Non-Executive Chairman) Richard Last (Non-Executive Director) Peter George (Non-Executive Director) Ashley Stephenson (CEO) Andrew Miller (CFO) Secretary and Registered Office Duncan Swallow Regus House Highbridge Oxford Road Uxbridge Middlesex UB8 1HR Nominated Adviser and Broker Cenkos Securities plc 6.7.8 Tokenhouse Yard London EC2R 7AS Auditor BDO LLP 55 Baker Street London W1U 7EU Solicitors Dorsey and Whitney LLP 199 Bishopsgate London EC2M 3UT Bankers Santander 2 The Forbury Reading RG1 3EU Square 1 Bank 406 Blackwell Street Suite 240 Durham North Carolina 27701 USA Registrars Link Asset Services The Registry 34 Beckenham Road Beckenham Kent BR3 4TU Website address www.corero.com 88 Corero Network Security plc Annual Report and Accounts 2018O v e r v i e w S t r a t e g i c R e p o r t G o v e r n a n c e F i n a n c i a l S t a t e m e n t s N o t i c e o f A G M C o r p o r a t e D i r e c t o r y A n n u al R e p o r t a n d A c c o u n t s 2 0 1 8 C o r e r o N e t w o r k S e c u r i t y p l c A n n u a l R e p o r t a n d A c c o u n t s 2 0 1 8 Registered Office Regus House Highbridge Oxford Road Uxbridge Middlesex UB8 1HR
Continue reading text version or see original annual report in PDF format above